1

I would like to modify permissions on a number of NetApp CIFS shares (over 100). These are user shares and each share has a different user with "Change" share permission, this permission now needs to be "Full Control".

I also need to be able to add a new group to these shares and give that group "Full Control" and finally I need to remove a group that has already been given permissions to the shares.

Basil
  • 8,851
  • 3
  • 38
  • 73
carbonbase
  • 11
  • 3

2 Answers2

1

If you're running powershell 4.0 check our Grant/Revoke-SMBShareAccess http://technet.microsoft.com/en-us/library/jj635705.aspx However, PS4 requires a Win8.1 or Server2012 R2 or later client OS to run. Earlier versions of PS did not have native cmdlets for share ACL modification.

I've had good luck with SUBINACL.EXE you can download here http://www.microsoft.com/en-us/download/details.aspx?id=23510

You can change the share perm from "change" to "full" by just granting full, don't need to revoke change.

C:\> subinacl /share \\netapp\home /revoke=theDom\theUser
\\netapp\home : delete Perm. ACE 1 theDom\theUser
\\netapp\home : 1 change(s)
Elapsed Time: 00 00:00:00
Done:        1, Modified        1, Failed        0, Syntax errors        0
Last Done  : \\netapp\home

C:\> subinacl /share \\netapp\home /grant=theDom\theUser=f
\\netapp\home : new ace for theDom\theUser
\\netapp\home : 1 change(s)
Elapsed Time: 00 00:00:00
Done:        1, Modified        1, Failed        0, Syntax errors        0
Last Done  : \\netapp\home

C:\> subinacl /share \\netapp\home
==========================
+Share \\netapp\home
==========================
/control=0x0
/audit ace count   =0
/perm. ace count   =1
/pace =everyone         ACCESS_ALLOWED_ACE_TYPE-0x0
        Full Control
Elapsed Time: 00 00:00:00
Done:        1, Modified        0, Failed        0, Syntax errors        0
Last Done  : \\netapp\home
Clayton
  • 4,523
  • 17
  • 24
0

Have you looked at the various homedir styles on Netapp? In my shop, we have a couple of volumes that are shared out locked to just the admins, and inside them are subdirectories for each users' homedir. If you map or browse to \\filer\username$\, you are actually seeing inside that subdirectory, and when we provision home directories, we make the user the owner and have full control.

To do this, you need to set options cifs.home_dir_namestyle to hidden, and put the volumes you want to store your homedirs in in /etc/cifs_homedir.cfg. Whenever a user logs in whose name matches a directory in one of the volumes you've put in that file, they'll be matched to it no matter which volume it is in.

Basil
  • 8,851
  • 3
  • 38
  • 73