
Displaying information about NTFS audit policies on FlexVol volumes using the CLI

You can display information about NTFS audit policies on FlexVol volumes, including what the security styles and effective-security styles are, what permissions are applied, and information about system access control lists. You can use the results to validate your security configuration or to troubleshoot auditing issues.

About this task

You must supply the name of the Vserver that contains the path to the files or directories whose audit information you want to display. If you want to customize the output, you can use the following optional parameters to display information only about file and directory security that matches the specified parameters:

Optional parameter
  Description

-fields fieldsname, ...
  You can use this parameter to display information on the fields you specify. You can use this parameter either alone or in combination with other optional parameters.

-instance
  Displays detailed information about all entries.

-volume-name volume_name
  Displays information where the specified path is relative to the specified volume. If this parameter is not specified, the Vserver root volume is taken as default.

-share-name share_name
  Displays information where the specified path is relative to the root of the specified share. If this parameter is not specified, the Vserver root volume is taken as default.

-lookup-names {true|false}
  Displays information where the information about owner and group is set to one of the following:
    • true displays information where the lookup name is stored as a name.
    • false displays information where the lookup name is stored as a SID.

-expand-mask {true|false}
  Displays information where the hexadecimal bit mask entry is set to one of the following:
    • true displays information where the bit mask entries are stored in expanded form.
    • false displays information where the bit mask entries are stored in collapsed form.

-security-style {unix|ntfs|mixed|unified}
  Displays information for files and directories with paths in volumes of the specified security style. This command is not supported for Vservers with Infinite Volumes; therefore, the unified value is not valid for this release.

  This is the associated security type of the volume or qtree.

-effective-style {unix|ntfs|mixed|unified}
  Displays information for files and directories with the specified effective security style on the path. This command is not supported for Vservers with Infinite Volumes; therefore, the unified value is not valid for this release.

  This is the security scheme in effect for a given file or directory. A file or directory can have one of two security styles, either NTFS or UNIX. The effective security style is important with mixed security-style volumes and qtrees since a file or directory can have either NTFS-effective or UNIX-effective security (but not both).

-dos-attributes hex_integer
  Displays information only for files and directories with the specified DOS attributes.

-text-dos-attr text
  Displays information only for files and directories with the specified text DOS attributes.

-expanded-dos-attr text
  Displays information only for files and directories with the specified extended DOS attributes.

-user-id unix_user_ID
  Displays information only for files and directories with the specified UNIX user ID.

-group-id unix_group_ID
  Displays information only for files and directories with the specified UNIX group ID.

-mode-bits octal_permissions
  Displays information only for files and directories with the specified UNIX mode bits in octal form.

-text-mode-bits text
  Displays information only for files and directories with the specified UNIX mode bits in text form.

-acls system_acls
  Displays information only for files and directories with the specified ACLs. You can enter the following information:
    • Type of ACL, which can be NTFS or NFSv4
    • Control bits in the security descriptors
    • Owner, which applies only in the case of NTFS security descriptors.
    • Group, which applies only in the case of NTFS security descriptors.
    • Access control entries (ACEs), which include both discretionary access control list (DACL) and system access control list (SACL) entries in the ACL.

Note: NTFS security-style volumes and qtrees use only NTFS system access control lists for audit policies. Mixed security-style volumes and qtrees can contain some files and directories that are of NTFS security style, which can have NTFS audit policies applied to them.

Step

  1. Display audit policy settings:
    vserver security file-directory show -vserver vserver_name -path path optional_parameters

    Example

    The following example displays the audit policy information about the path /corp in Vserver vs1. This NTFS-security-style path has an NTFS-effective security style. The NTFS security descriptor contains both a SUCCESS and a SUCCESS/FAIL SACL entry:

    vserver security file-directory show -vserver vs1 -path /corp
                    Vserver: vs1
                  File Path: /corp
             Security Style: ntfs
            Effective Style: ntfs
             DOS Attributes: 10
     DOS Attributes in Text: ----D---
    Expanded Dos Attributes: -
               Unix User Id: 0
              Unix Group Id: 0
             Unix Mode Bits: 777
     Unix Mode Bits in Text: rwxrwxrwx
                       ACLs: NTFS Security Descriptor
                             Control:0x8014
                             Owner:DOMAIN\Administrator
                             Group:BUILTIN\Administrators
                             SACL - ACEs
                               ALL-DOMAIN\Administrator-0x100081-OI|CI|SA|FA
                               SUCCESSFUL-DOMAIN\user1-0x100116-OI|CI|SA
                             DACL - ACEs
                               ALLOW-BUILTIN\Administrators-0x1f01ff-OI|CI
                               ALLOW-BUILTIN\Users-0x1f01ff-OI|CI
                               ALLOW-CREATOR OWNER-0x1f01ff-OI|CI
                               ALLOW-NT AUTHORITY\SYSTEM-0x1f01ff-OI|CI
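
As an added example (not part of the NetApp documentation), the following Python parses the SACL and DACL entries from the output above and lists principals whose SACL entry audits successful access but not failed access. The TYPE-principal-mask-flags layout is inferred from the sample output, and reading SA and FA as the success and failure audit flags is an assumption based on the example's description; `parse_aces` and `audit_gaps` are hypothetical helper names.

```python
import re

# Constructed sample: the ACL portion of the example output shown above.
SAMPLE = r"""
                   ACLs: NTFS Security Descriptor
                         Control:0x8014
                         Owner:DOMAIN\Administrator
                         Group:BUILTIN\Administrators
                         SACL - ACEs
                           ALL-DOMAIN\Administrator-0x100081-OI|CI|SA|FA
                           SUCCESSFUL-DOMAIN\user1-0x100116-OI|CI|SA
                         DACL - ACEs
                           ALLOW-BUILTIN\Administrators-0x1f01ff-OI|CI
                           ALLOW-BUILTIN\Users-0x1f01ff-OI|CI
                           ALLOW-CREATOR OWNER-0x1f01ff-OI|CI
                           ALLOW-NT AUTHORITY\SYSTEM-0x1f01ff-OI|CI
"""

# Assumed layout: TYPE-principal-mask[-flags]. The principal may contain spaces
# or hyphens (for example a SID), so the hex mask anchors the split.
ACE_RE = re.compile(r"^(\w+)-(.+)-(0x[0-9a-fA-F]+)(?:-(\S+))?$")

def parse_aces(text):
    """Return {'SACL': [...], 'DACL': [...]} with one dict per ACE."""
    acls, section = {"SACL": [], "DACL": []}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"^(SACL|DACL) - ACEs$", line)
        if header:
            section = header.group(1)
            continue
        m = ACE_RE.match(line)
        if section and m:
            kind, principal, mask, flags = m.groups()
            acls[section].append({"type": kind, "principal": principal,
                                  "mask": int(mask, 16),
                                  "flags": set(flags.split("|")) if flags else set()})
    return acls

def audit_gaps(acls):
    """Principals whose SACL entry audits successes (SA) but not failures (FA)."""
    return [a["principal"] for a in acls["SACL"]
            if "SA" in a["flags"] and "FA" not in a["flags"]]

if __name__ == "__main__":
    parsed = parse_aces(SAMPLE)
    print(len(parsed["SACL"]), "SACL ACEs; no failure auditing for:", audit_gaps(parsed))
```

A path that returns an empty SACL list has no NTFS audit policy applied, which is the first thing to check when expected audit events are missing.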