×
Community Blog A Guide to the SMB ACL Superuser Feature of Alibaba Cloud File System

A Guide to the SMB ACL Superuser Feature of Alibaba Cloud File System

This short article discusses two cases that apply to the SMB ACL superuser feature.

By Zhou Qin, from Alibaba Cloud Storage Team

The Alibaba Cloud file system provides the SMB ACL superuser feature for Server Message Block (SMB) file systems, which allows customers to view and modify any directory or file without changing directory permission. It is convenient for the administrator to manage file systems.

Here are two cases that apply to the SMB ACL superuser feature:

Case 1: Clean up Directories and Files without Permission

For example, Sheep, a company employee, resigns from his job, but he is the only person with accessibility to his directory:

1

In this case, if the administrator wants to delete the directory, it will be denied:

2

Therefore, the administrator needs to change the owner to admin to operate the directory. If there are subdirectories or subfiles, the administrator needs to replace the owner on subcontainers and objects:

3
4

If the super permission feature is enabled for the admin, the directory can be operated without modifying any permission.

Case 2: View Directories and Files without Permission

If Sheep sets it where no one has permission to access the directory except him, the administrator cannot view files of the directory. The administrator must refer to the method in Case 1 to replace the owner with admin first and add the permission before accessing the directory. This will destroy the original permission and affect Sheep's use when the administrator operates on permission.

5

If the super permission feature is enabled for the admin, the directory can be viewed without modifying any permission.

Note: The method above applies to a situation where only one user and one folder need to be modified. If a department has a ton of staff with rapid turnover, its permission setting is complex. If super permission is not configured, the manual operations of the administrator will increase exponentially. Configuring super permission can effectively eliminate manual operations in this part.

Methods of Configuring Super Permission

Please refer to the official document for more information.

Note: Super permission can also be configured as the SID of a group, and then administrators can be added to this super permission group.

0 0 0
Share on

Alibaba Cloud Community

945 posts | 221 followers

You may also like

Comments