By Zhou Qin, from Alibaba Cloud Storage Team
Apsara File Storage NAS Server Message Block (SMB) file system only supports read-only operations when the SMB ACL feature is not enabled. Therefore, root directory permissions cannot be modified.
According to Connect Mount Point of Alibaba Cloud SMB Protocol File System to AD Domain, after enabling the SMB ACL feature, you can modify the root directory permissions.
Note: NAS SMB supports only the SMB protocol and does not support the other RPC protocols of Windows. Therefore, if you access NAS SMB directly through a network path in Windows File Explorer, such as \\nas-mount-point.nas.aliyuncs.com\myshare, then when you set the ACL, Windows cannot determine whether the NAS mount point has joined the domain because the RPC server is unavailable. This is shown in the following figures:
The document Mount and Use an Alibaba Cloud SMB Protocol File System from Windows as an AD Domain User describes using the mklink tool to map the file system and then configuring the ACL on the mapping. However, this method does not work for the root directory of the file system: the ACL cannot be set on the link directory created by mklink.
We recommend operating on the mounted drive with the Get-Acl and Set-Acl PowerShell commands or the icacls command. Examples are listed below:
# Get properties
$value = Get-Acl -Path "Z:"
$value.Access
# Set properties
$identity = "Administrator"
$fileSystemRights = "FullControl"
$type = "Allow"
# Create new rule
$fileSystemAccessRuleArgumentList = $identity, $fileSystemRights, $type
$fileSystemAccessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $fileSystemAccessRuleArgumentList
# Apply new rule
$value.SetAccessRule($fileSystemAccessRule)
$value.Access
Set-Acl $value -Path "Z:"
icacls z:
#Grant full control permissions to a user
icacls z: /grant <user name>:(F)
#Grant full control permissions to the administrator
icacls z: /grant administrator:(F)
icacls z:
#Remove all permissions from a user
icacls z: /remove <user name>
#Remove all permissions from everyone
icacls z: /remove everyone
icacls z:
Note: Configure the root directory permissions immediately after the file system is created. Otherwise, you must also modify the existing subdirectories and subfiles when you run the command, because permissions are inherited from the root directory to the subdirectories.
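The three-argument FileSystemAccessRule constructor used above creates a rule with InheritanceFlags set to None, so it applies to the root directory only and is not inherited by new subdirectories and files. The following is an added example, not code from the original article, that grants an inheritable rule on the root and reads it back; the function name Add-InheritableRootRule, the drive letter Z: and the group CONTOSO\nas-admins are assumptions for illustration.

```powershell
# Added example. Assumes the SMB file system is mounted as Z: with SMB ACL enabled
# and that CONTOSO\nas-admins is a placeholder for a real AD group.
function Add-InheritableRootRule {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Identity,
        [System.Security.AccessControl.FileSystemRights] $Rights = 'Modify'
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Path '$Path' is not available. Mount the file system first."
    }

    $acl = Get-Acl -Path $Path

    # ContainerInherit + ObjectInherit: subdirectories and files created later
    # under the root inherit this rule. PropagationFlags None keeps the rule
    # on the root itself as well.
    $inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagate = [System.Security.AccessControl.PropagationFlags]::None
    $type      = [System.Security.AccessControl.AccessControlType]::Allow

    $ruleArgs = $Identity, $Rights, $inherit, $propagate, $type
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ruleArgs

    # AddAccessRule merges with existing rules for the identity;
    # SetAccessRule (used in the article) replaces them.
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl

    # Read the ACL back and list the explicit (non-inherited) rules on the root,
    # including whether each one is inherited by children.
    (Get-Acl -Path $Path).Access |
        Where-Object { -not $_.IsInherited } |
        Select-Object IdentityReference, FileSystemRights, AccessControlType,
                      InheritanceFlags, PropagationFlags
}

# 'Z:\' names the root explicitly; 'Z:' alone resolves to the current
# location on that drive in PowerShell.
if (Test-Path -LiteralPath 'Z:\') {
    Add-InheritableRootRule -Path 'Z:\' -Identity 'CONTOSO\nas-admins' -Rights Modify |
        Format-Table -AutoSize
}
```

Rules listed with InheritanceFlags None in the output apply to the root directory only, which is worth checking before relying on them to protect content created later.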