b) Click the Security tab and view the NTFS file permissions
TASK 1: CONFIGURE YOUR STORAGE SYSTEM FOR MULTIPROTOCOL ACCESS
In this task, you will configure the storage system for multiprotocol access, and then view file permissions for files in an NTFS qtree, UNIX qtree, and mixed qtree.
STEP ACTION
1. Using NetApp® System Manager or the command-line interface, create a new qtree with the following parameters:
Name: ntfstree
Volume: NASvol
Security Style: NTFS
Oplocks: None
2. Using NetApp System Manager or the command-line interface, create a new qtree with the following parameters:
Name: unixtree
Volume: NASvol
Security Style: unix
Oplocks: None
3. Using NetApp System Manager or the command-line interface, create a new qtree with the following parameters:
Name: mixedtree
Volume: NASvol
Security Style: mixed
Oplocks: None
E10-3 Accelerated NCDA Boot Camp Data ONTAP 8.0 7-Mode: NAS Multiprotcol
© 2010 NetApp, Inc. This material is intended for training use only. Not authorized for reproduction purposes.
4. Before configuring your storage system for multiprotocol access, perform the following from your Windows Server:
a) Create a share on the storage system called ntfsshare (for your ntfstree qtree on NASvol) and map a network drive to the share.
b) Create a share on the storage system called unixshare (for your unixtree qtree on NASvol) and map a network drive to the share.
c) Create a share on the storage system called mixedshare (for your mixedtree qtree on NASvol) and map a network drive to the share.
NOTE: You might need to disconnect all mapped drives, log out, and log back in to the Windows machine to clear the security cache. Windows does not allow you to map two separate shares with different security accounts.
5. At the storage system prompt, view the current default security style by entering the following command:
system> options wafl.default_security_style
What is the current default security style? ______________________
6. At the storage system prompt, enter the following command to view the security style for each qtree on NASvol:
system> qtree status NASvol
7. On the Windows Server, open Windows Explorer, go to the mapped network drive for ntfsshare, and view the security of the ntfsshare by performing the following:
a) From Windows Explorer, click on Computers within the left pane. You should see a list of your local and mapped drives.
b) Right-click the drive that is mapped to ntfsshare and choose Properties.
c) Click the Security tab.
Who has access to the qtree, and what are the NTFS permissions on the file system?
___________________________________________________________
d) Click the Cancel button.
e) Double-click the ntfsshare in the console tree to view the contents of the share.
f) Create a new text file in this share by right-clicking in the right windowpane and choosing New > Text Document.
g) Right-click the previously created text file and choose Properties.
h) Click the Security tab.
Who has access to the file and what are the file permissions?
_______________________________________________
i) Click the Cancel button.
Recall that the ntfstree qtree has a designated security style of NTFS. This means that files have Windows NTFS ACLs (permissions).
8. On the Windows workstation, open Windows Explorer, go to the mapped network drive for the unixshare share, and view the security of the unixshare by performing the following:
a) From Windows Explorer, click on Computers within the left pane. You should see a list of your local and mapped drives.
b) Right-click on the drive associated with unixshare and choose Properties.
Is there a Security tab? ________________________
c) Click the Cancel button.
d) Double-click the unixshare in the console tree to view the contents of the share.
e) Create a new text file in this share by right-clicking in the right windowpane and choosing New > Text Document.
f) Right-click the New Text Document.txt file and choose Properties.
Is there a Security tab? ________________________
g) Click the Cancel button.
Recall that the unixtree qtree has a designated security style of UNIX, and that files and directories have UNIX permissions.
You are a Windows user accessing a UNIX qtree and a UNIX file. The Properties window (in Microsoft® Windows) is not designed to interpret the UNIX permissions on the share and file and hence the Security tabs are missing. However, starting with Data ONTAP® 7.2, changes have been made to the multiprotocol functionality. Now administrators can both display and change UNIX permissions from the Windows Security tab. You will set this in step 10 of this lab.
9. On the Windows workstation, open Windows Explorer, go to the mapped network drive for mixedshare, and view the security of the mixedshare by performing the following:
a) From Windows Explorer, click on Computers within the left pane. You should see a list of your local and mapped drives.
b) Right-click on the drive associated with mixedshare and choose Properties.
c) Click the Security tab.
Who has access to the qtree, and what are the NTFS permissions on the file system?
__________________________________________________
d) Click the Cancel button.
e) Double-click the mixedshare in the console tree to view the contents of the share.
f) Create a new text file in this share by right-clicking in the right windowpane and choosing New > Text Document.
g) Right-click the New Text Document.txt file and choose Properties.
h) Click the Security tab.
Who has access to the file, and what are the file permissions?
_______________________________________________
i) Click the Cancel button.
Recall that the mixedtree qtree has a designated security style of mixed. This means that the default security style of a file is the style most recently used to set permissions on that file. With mixed security style, the volume or qtree can have UNIX or NTFS file security in play.
Because the mixedtree qtree was created when the storage system was in multiprotocol mode, the mixed qtree initially inherited the effective security style of the parent volume.
10. To view the UNIX permissions on the files in this multiprotocol environment, enter the following option at the storage system prompt:
system> options cifs.preserve_unix_security on
Enabling this option allows you to manipulate a file’s UNIX permissions using the Security tab on a Windows client, or using any application that can query or set Windows ACLs. When enabled, this option causes UNIX qtrees to appear as NTFS volumes. The default for this option is “off.”
11. On the Windows workstation, open Windows Explorer, go to the mapped network drive for ntfsshare, and view the security of the previously created text file by performing the following:
a) Right-click the previously created text file and choose Properties.
b) Click the Security tab and view the permissions for Everyone.
c) Click the Cancel button.
12. On the Windows workstation, open Windows Explorer, go to the mapped network drive for unixshare, and view the security of the New Text Document.txt file by performing the following:
a) Right-click the New Text Document.txt file and choose Properties.
b) Click the Security tab and view the UNIX group, user names, and permissions for this file whose file security is UNIX.
In the Group or user names list box, list the first four entries:
____________________________________________________
c) Click the Advanced button in the lower-right corner in the Security tab.
d) Click Change Permissions.
e) In the Advanced Security Settings window in the Permissions tab, select pcuser and click the Edit button. (Do not actually edit the permissions.)
In the Permission Entry window, what permissions does pcuser have?
______________________________________________________
f) Click the Cancel button in the Permission Entry window.
g) In the Advanced Security Settings window, click the Owner tab.
Who are the owners for this text file?
___________________________________________________
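The check in step 6 can be scripted so that drift from the qtree settings in steps 1-3 is caught without reading the table by eye. The following is an added example, not part of the original lab guide: it parses `qtree status` output and compares each qtree's security style and oplocks setting with the expected values. The sample output is constructed, and treating the lab's "Oplocks: None" as `disabled` in that output is an assumption.

```python
import re

# Constructed sample of `qtree status NASvol` output (not captured from a real system).
SAMPLE = """\
Volume   Tree      Style Oplocks  Status
-------- --------- ----- -------- ---------
NASvol             unix  enabled  normal
NASvol   ntfstree  ntfs  disabled normal
NASvol   unixtree  unix  disabled normal
NASvol   mixedtree mixed disabled normal
"""

# Expected styles come from steps 1-3 of the lab.
EXPECTED = {"ntfstree": "ntfs", "unixtree": "unix", "mixedtree": "mixed"}
STYLES = {"unix", "ntfs", "mixed"}


def parse_qtree_status(text):
    """Return one dict per data row; the volume's own row gets tree == ''."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "Volume" or re.fullmatch(r"[-\s]+", line):
            continue
        # The volume root row has an empty Tree column: 4 fields instead of 5.
        if len(fields) == 4 and fields[1] in STYLES:
            fields.insert(1, "")
        if len(fields) != 5 or fields[2] not in STYLES:
            raise ValueError(f"unrecognised qtree status row: {line!r}")
        rows.append(dict(zip(("volume", "tree", "style", "oplocks", "status"), fields)))
    return rows


def audit(rows, expected, volume, oplocks="disabled"):
    """List deviations from the expected per-qtree security style and oplocks."""
    seen = {r["tree"]: r for r in rows if r["volume"] == volume and r["tree"]}
    findings = []
    for tree, style in expected.items():
        row = seen.get(tree)
        if row is None:
            findings.append(f"{tree}: qtree not found")
            continue
        if row["style"] != style:
            findings.append(f"{tree}: style {row['style']}, expected {style}")
        # Assumption: the lab's "Oplocks: None" shows up as "disabled" here.
        if row["oplocks"] != oplocks:
            findings.append(f"{tree}: oplocks {row['oplocks']}, expected {oplocks}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_qtree_status(SAMPLE), EXPECTED, "NASvol") or ["all qtrees match"]:
        print(finding)
```

An empty findings list means every qtree on the volume matches the lab configuration; a qtree whose style was changed after creation shows up as a style mismatch.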