
Displaying information about file security on UNIX security-style FlexVol volumes

You can display information about file and directory security on UNIX security-style FlexVol volumes, including what the security styles and effective security styles are, what permissions are applied, and information about UNIX owners and groups. You can use the results to validate your security configuration or to troubleshoot file access issues.

About this task

You must supply the name of the Vserver that contains the data and the path to the data whose file or directory security information you want to display. If you want to customize the output, you can use the following optional parameters to display information only about file and directory security that matches the specified parameters:

Optional parameter Description
-fields fieldsname, ... You can use this parameter to display information on the fields you specify. You can use this parameter either alone or in combination with other optional parameters.
-instance Displays detailed information about all entries.
-volume-name volume_name Displays information where the specified path is relative to the specified volume. If this parameter is not specified, the Vserver root volume is taken as default.
-share-name share_name Displays information where the specified path is relative to the root of the specified share. If this parameter is not specified, the Vserver root volume is taken as default.
-lookup-names {true|false} Although you can specify a value for the -lookup-names parameter, this parameter does not apply to UNIX security-style volumes. In NFSv4 ACLs, ACEs are displayed in SID format; therefore, lookup names are not stored as names. The name is stored as a SID, and that is what is returned even if this value is set to true.
-expand-mask {true|false} Displays information where the hexadecimal bit mask entry is set to one of the following:
  • true displays information where the bit mask entries are stored in expanded form.
  • false displays information where the bit mask entries are stored in collapsed form.
-security-style {unix|ntfs|mixed|unified} Displays information for files and directories with paths in volumes of the specified security style. This command is not supported for Vservers with Infinite Volumes; therefore, the unified value is not valid for this release.

This is the associated security type of the volume or qtree.

-effective-style {unix|ntfs|mixed|unified} Displays information for files and directories with the specified effective security style on the path. This command is not supported for Vservers with Infinite Volumes; therefore, the unified value is not valid for this release.

This is the security scheme in effect for a given file or directory. A file or directory can have one of two security styles, either NTFS or UNIX. The effective security style is important with mixed security-style volumes and qtrees since a file or directory can have either NTFS or UNIX effective security (but not both).

-dos-attributes hex_integer Displays information only for files and directories with the specified DOS attributes.
-text-dos-attr text Displays information only for files and directories with the specified text DOS attributes.
-expanded-dos-attr text Displays information only for files and directories with the specified extended DOS attributes.
-user-id unix_user_ID Displays information only for files and directories with the specified UNIX user ID.
-group-id unix_group_ID Displays information only for files and directories with the specified UNIX group ID.
-mode-bits octal_permissions Displays information only for files and directories with the specified UNIX mode bits in octal form.
-text-mode-bits text Displays information only for files and directories with the specified UNIX mode bits in text form.
-acls system_acls Displays information only for files and directories with the specified ACLs. You can enter the following information:
  • Type of ACL, which can be NTFS or NFSv4

    For UNIX security-style volumes and qtrees, the ACL type must be NFSv4.

  • Control bits in the security descriptors
  • Owner, which applies only in the case of NTFS security descriptors

    This does not apply for UNIX security-style volumes and qtrees.

  • Group, which applies only in the case of NTFS security descriptors

    This does not apply for UNIX security-style volumes and qtrees.

  • Access control entries (ACEs), which include both discretionary access control list (DACL) and system access control list (SACL) ACEs in the ACL
Note: This field is empty for UNIX security-style files and directories that have only mode bit permissions applied (no NFSv4 ACLs).
Note: UNIX security-style volumes and qtrees use only UNIX file permissions, either mode bits or NFSv4 ACLs, when determining file access rights.

Step

  1. Display file and directory security settings:
    vserver security file-directory show -vserver vserver_name -path path optional_parameters

Examples

The following example displays the security information about the path /home in Vserver vs1:

cluster1::> vserver security file-directory show -vserver vs1 -path /home
                  
                                 Vserver: vs1
                               File Path: /home
                           Security Style: unix
                          Effective Style: unix
                           DOS Attributes: 10
                   DOS Attributes in Text: ----D---
                  Expanded Dos Attributes: -
                             Unix User Id: 0
                            Unix Group Id: 1
                           Unix Mode Bits: 700
                   Unix Mode Bits in Text: rwx------
                                     ACLs: -

The following example displays the security information about the path /home in Vserver vs1 in expanded-mask form:

cluster1::> vserver security file-directory show -vserver vs1 -path /home -expand-mask true                       

                                 Vserver: vs1
                               File Path: /home
                          Security Style: unix
                         Effective Style: unix
                          DOS Attributes: 10
                  DOS Attributes in Text: ----D---
                 Expanded Dos Attributes: 0x10
                      ...0 .... .... .... = Offline
                      .... ..0. .... .... = Sparse
                      .... .... 0... .... = Normal
                      .... .... ..0. .... = Archive
                      .... .... ...1 .... = Directory
                      .... .... .... .0.. = System
                      .... .... .... ..0. = Hidden
                      .... .... .... ...0 = Read Only
                            Unix User Id: 0
                           Unix Group Id: 1
                          Unix Mode Bits: 700
                  Unix Mode Bits in Text: rwx------
                                    ACLs: -
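
To use this output for validating a security configuration, the record can be parsed and checked programmatically. The following Python sketch is an added example, not part of the original documentation or of any NetApp tool: it parses a captured record, decodes the DOS attribute mask using the bit positions from the expanded-mask output above, and applies a few checks. The function names and the audit rules are assumptions chosen for illustration.

```python
import stat

# Constructed sample: the /home record from the first example on this page.
SAMPLE = """\
Vserver: vs1
File Path: /home
Security Style: unix
Effective Style: unix
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
Unix User Id: 0
Unix Group Id: 1
Unix Mode Bits: 700
Unix Mode Bits in Text: rwx------
ACLs: -
"""

# Bit values read off the -expand-mask true output shown on this page.
DOS_BITS = {0x1000: "Offline", 0x0200: "Sparse", 0x0080: "Normal", 0x0020: "Archive",
            0x0010: "Directory", 0x0004: "System", 0x0002: "Hidden", 0x0001: "Read Only"}

def parse_record(text):
    """Split 'Label: value' lines into a dict; expanded bit-mask lines have no colon."""
    rec = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep:
            rec[label.strip()] = value.strip()
    return rec

def dos_flags(rec):
    mask = int(rec["DOS Attributes"], 16)  # the field is a hexadecimal integer
    return [name for bit, name in DOS_BITS.items() if mask & bit]

def audit(rec):
    """Return findings for one record; these checks are example policy, not ONTAP rules."""
    findings = []
    mode = int(rec["Unix Mode Bits"], 8)
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if rec["Security Style"] == "unix" and rec["Effective Style"] != "unix":
        findings.append("effective style is not unix")
    if rec["ACLs"] != "-":
        findings.append("NFSv4 ACL present; mode bits alone do not describe access")
    return findings

if __name__ == "__main__":
    print(dos_flags(parse_record(SAMPLE)), audit(parse_record(SAMPLE)))
```

For the sample record the script reports the Directory flag and no findings.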