Displaying information about file security on mixed security-style FlexVol volumes

You can display information about file and directory security on mixed security-style FlexVol volumes, including what the security style and effective security styles are, what permissions are applied, and information about UNIX owners and groups. You can use the results to validate your security configuration or to troubleshoot file access issues.

About this task

You must supply the name of the Vserver that contains the data and the path to the data whose file or directory security information you want to display. If you want to customize the output, you can use the following optional parameters to display information only about file and directory security settings that match the specified parameters:

Optional parameter Description
-fields fieldsname, ... You can use this parameter to display information on the fields you specify. You can use this parameter either alone or in combination with other optional parameters.
-instance Displays detailed information about all entries.
-volume-name volume_name Displays information where the specified path is relative to the specified volume. If this parameter is not specified, the Vserver root volume is taken as default.
-share-name share_name Displays information where the specified path is relative to the root of the specified share. If this parameter is not specified, the Vserver root volume is taken as default.
-lookup-names {true|false} If set to true, the command displays information about file and directory security for files and directories where the owner and group information is stored as names. If set to false, the command displays information about file and directory security for files and directories where the owner and group information is stored as SIDs.
-expand-mask {true|false}
  • If set to true, the command displays information about file and directory security for files and directories where the hexadecimal bit mask entries are stored in expanded form.
  • If set to false, the command displays information about file and directory security for files and directories where the hexadecimal bit mask entries are stored in collapsed form.
Note: By default, if the value of -expand-mask is set to false, the value displayed for the Expanded Dos Attributes output field is "-". You must set the value of this option to true if you want to display the expanded DOS attributes.
-security-style {unix|ntfs|mixed|unified} Displays information for files and directories with paths in volumes of the specified security style. This command is not supported for Vservers with Infinite Volumes; therefore, the unified value is not valid for this release.

This is the associated security type of the volume or qtree.

-effective-style {unix|ntfs|mixed|unified} Displays information for files and directories with the specified effective security-style on the path. This command is not supported for Vservers with Infinite Volumes; therefore, the unified value is not valid for this release.

This is the security scheme in effect for a given file or directory. A file or directory can have one of two security styles, either NTFS or UNIX. The effective security style is important with mixed security-style volumes and qtrees since a file or directory can have either NTFS or UNIX effective security (but not both).

-dos-attributes hex_integer Displays information only for files and directories with the specified DOS attributes.
-text-dos-attr text Displays information only for files and directories with the specified text DOS attributes.
-expanded-dos-attr text Displays information only for files and directories with the specified extended DOS attributes.
-user-id unix_user_ID Displays information only for files and directories with the specified UNIX user ID.
-group-id unix_group_ID Displays information only for files and directories with the specified UNIX group ID.
-mode-bits octal_permissions Displays information only for files and directories with the specified UNIX mode bits in Octal form.
-text-mode-bits text Displays information only for files and directories with the specified UNIX mode bits in text form.
-acls security_acls Displays information only for files and directories with the specified ACLs. You can enter the following information:
  • Type of ACL, which can be NTFS or NFSv4

    For NTFS security-style volumes and qtrees, the ACL type must be NTFS.

  • Control bits in the security descriptors
  • Owner, which applies only in the case of NTFS security descriptors
  • Group, which applies only in the case of NTFS security descriptors
  • Access control entries (ACEs), which include both discretionary access control list (DACL) and system access control list (SACL) ACEs in the ACL
Note: This field is empty for files and directories using UNIX security that have only mode bit permissions applied (no NFSv4 ACLs).
Note: Mixed security-style volumes and qtrees can contain some files and directories that use UNIX file permissions, either mode bits or NFSv4 ACLs, and some files and directories that use NTFS file permissions.

Step

  1. Display file and directory security settings:
    vserver security file-directory show -vserver vserver_name -path path optional_parameters

Examples

The following example displays the security information about the path /projects in Vserver vs1 in expanded-mask form. This mixed security-style path has a UNIX-effective security style:

cluster1::> vserver security file-directory show -vserver vs1 -path /projects -expand-mask true

                Vserver: vs1
              File Path: /projects
         Security Style: mixed
        Effective Style: unix
         DOS Attributes: 10
 DOS Attributes in Text: ----D---
Expanded Dos Attributes: 0x10
     ...0 .... .... .... = Offline
     .... ..0. .... .... = Sparse
     .... .... 0... .... = Normal
     .... .... ..0. .... = Archive
     .... .... ...1 .... = Directory
     .... .... .... .0.. = System
     .... .... .... ..0. = Hidden
     .... .... .... ...0 = Read Only
           Unix User Id: 0
          Unix Group Id: 1
         Unix Mode Bits: 700
 Unix Mode Bits in Text: rwx------
                   ACLs: -

The following example displays the security information about the path /data in Vserver vs1. This mixed security-style path has an NTFS-effective security style:

cluster1::> vserver security file-directory show -vserver vs1 -path /data                       

                                 Vserver: vs1
                               File Path: /data
                          Security Style: mixed
                         Effective Style: ntfs
                          DOS Attributes: 10
                  DOS Attributes in Text: ----D---
                 Expanded Dos Attributes: -
                            Unix User Id: 0
                           Unix Group Id: 0
                          Unix Mode Bits: 777
                  Unix Mode Bits in Text: rwxrwxrwx
                                    ACLs: NTFS Security Descriptor
                                          Control:0x8004
                                          Owner:BUILTIN\Administrators
                                          Group:BUILTIN\Administrators
                                          DACL - ACEs
                                            ALLOW-Everyone-0x1f01ff
                                            ALLOW-Everyone-0x10000000-OI|CI|IO
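
One way to use this output for validation, as an added example (not NetApp's code): a Python parser for a record captured from the command above that audits only the permission set matching the effective style, so the 777 mode bits shown for the NTFS-effective /data path are not read as the permissions in effect. The function names are hypothetical, the sample is the /data record from this page (abridged), and the two checks (ALLOW ACEs for Everyone, world-writable mode bits) are illustrative; NFSv4 ACL entries are not examined.

```python
import re

# Constructed input: the /data record from this page, abridged, padding trimmed.
SAMPLE = r"""File Path: /data
Security Style: mixed
Effective Style: ntfs
DOS Attributes: 10
Unix Mode Bits: 777
ACLs: NTFS Security Descriptor
      Control:0x8004
      Owner:BUILTIN\Administrators
      Group:BUILTIN\Administrators
      DACL - ACEs
        ALLOW-Everyone-0x1f01ff
        ALLOW-Everyone-0x10000000-OI|CI|IO"""

# Bit values follow the layout of the page's -expand-mask true example.
DOS_BITS = {0x1: "Read Only", 0x2: "Hidden", 0x4: "System", 0x10: "Directory",
            0x20: "Archive", 0x80: "Normal", 0x200: "Sparse", 0x1000: "Offline"}
ACE_RE = re.compile(r"^(ALLOW|DENY)-(.+?)-(0x[0-9a-fA-F]+)(?:-(.+))?$")

def parse_show(text):
    """Parse one record into a dict of fields plus a list of ACE tuples."""
    rec = {"aces": []}
    for line in map(str.strip, text.splitlines()):
        ace = ACE_RE.match(line)
        if ace:
            kind, who, mask, flags = ace.groups()
            rec["aces"].append((kind, who, int(mask, 16), flags or ""))
        elif ": " in line:  # top-level "Field: value"; ACL sub-lines have no space
            key, value = line.split(": ", 1)
            rec[key] = value
    return rec

def dos_attr_names(rec):
    value = int(rec["DOS Attributes"], 16)  # field is printed as bare hex
    return [name for bit, name in DOS_BITS.items() if value & bit]

def audit(rec):
    """Flag broad access in the permission set matching the effective style."""
    path, findings = rec["File Path"], []
    if rec["Effective Style"] == "ntfs":
        for kind, who, mask, flags in rec["aces"]:
            if kind == "ALLOW" and who == "Everyone":
                findings.append(f"{path}: Everyone allowed {mask:#x} {flags}".strip())
    elif int(rec["Unix Mode Bits"], 8) & 0o002:
        findings.append(f"{path}: mode {rec['Unix Mode Bits']} is world-writable")
    return findings
```

Running `audit(parse_show(SAMPLE))` reports the two Everyone ACEs and nothing about mode 777, because the effective style of /data is ntfs.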