I have a NetApp filer, with a CIFS export. The permissions have been locked down on it, to a point where it's no longer accessible. I need to reset the permissions on this - I've figured out I can probably do this by changing the qtree to Unix security mode and back again (provided I'm prepared to unexport the share temporarily).
However, I think I should be able to use the fsecurity command to do this. There's just one problem - the manpage example refers to 'applying ACLs from a config file': https://library.netapp.com/ecmdocs/ECMP1196890/html/man1/na_fsecurity_apply.1.html
But what it doesn't do, is give me an example of what a 'security definition file' actually looks like.
Is anyone able to give me an example? Resetting a directory structure to Everyone/Full Control is sufficient for my needs, as re-applying permissions isn't a problem.
There is a utility on the NetApp website called 'secedit' that helps create a 'security definition file':
http://support.netapp.com/NOW/download/tools/secedit/download.shtml
A basic file looks like this:
This will set 'Everyone / Full Control' as an explicit ACL on the designated path. (If subfolders inherit, then it'll propagate, but not otherwise). You should then be able to reset the permissions to something more appropriate.
You'll need to save this into a file on your filer - for example,
/etc/security.conf
And then use (You may wish to use 'fsecurity show' before and after to verify the ACLs)
If you use 2 here rather than 0 as in the example, then you can replace all permissions with only the new one. Be careful with it: you will really remove all other permissions in all subdirectories!
Normally you will need this option only if you have interrupted inheritance in subfolders.
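
A pre-apply check for the propagation setting discussed in the answers above, added here as an example and not code from either poster or from NetApp. The file layout (a signature line, then `type,subtype,"path",propagation,"SDDL"` entries), the sample paths and the function names are assumptions, since the page does not show the file itself.

```python
import csv
import io

# Constructed sample. ASSUMED layout (not shown on the page): a signature line,
# then one entry per line: type,subtype,"path",propagation,"SDDL".
SAMPLE = """cb56f6f4
1,0,"/vol/vol1/share",0,"D:(A;CIOI;0x1f01ff;;;Everyone)"
1,0,"/vol/vol1/share/projects",2,"D:(A;CIOI;0x1f01ff;;;Everyone)"
"""

# Assumed meaning of the propagation field; the page only contrasts 0 and 2.
PROPAGATION = {"0": "propagate inheritable ACEs", "2": "replace existing ACLs"}
FULL_CONTROL = "0x1f01ff"  # access mask for Full Control in an SDDL ACE


def parse_job(text):
    """Return (signature, entries) from a definition file in the assumed layout."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2:
        raise ValueError("expected a signature line and at least one entry")
    entries = []
    for num, row in enumerate(csv.reader(io.StringIO("\n".join(lines[1:]))), 2):
        if len(row) != 5:
            raise ValueError(f"line {num}: expected 5 fields, got {len(row)}")
        sec_type, subtype, path, mode, sddl = (f.strip() for f in row)
        if mode not in PROPAGATION:
            raise ValueError(f"line {num}: unknown propagation mode {mode!r}")
        entries.append({"path": path, "mode": mode, "sddl": sddl})
    return lines[0].strip(), entries


def review(entries):
    """List (path, finding) pairs worth a second look before applying the job."""
    findings = []
    for e in entries:
        sddl = e["sddl"].lower()
        if e["mode"] == "2":
            findings.append((e["path"], "replace mode overwrites ACLs in all subdirectories"))
        if FULL_CONTROL in sddl and "everyone" in sddl:
            findings.append((e["path"], "Everyone has Full Control; tighten after recovery"))
    return findings


if __name__ == "__main__":
    _, parsed = parse_job(SAMPLE)
    for path, finding in review(parsed):
        print(f"{path}: {finding}")
```
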