Community Blog How to Modify Root Directory Permissions of the Alibaba Cloud File System NAS SMB

How to Modify Root Directory Permissions of the Alibaba Cloud File System NAS SMB

This article explains how to modify root directory permissions of the Alibaba Cloud file system (NAS SMB).

By Zhou Qin, from Alibaba Cloud Storage Team

Apsara File Storage NAS Server Message Block (SMB) file system only supports read-only operations when the SMB ACL feature is not enabled. Therefore, root directory permissions cannot be modified.

According to Connect Mount Point of Alibaba Cloud SMB Protocol File System to AD Domain, after enabling the SMB ACL feature, you can modify the root directory permissions.

Note: NAS SMB only supports the SMB protocol but does not support other RPC protocols of Windows. Therefore, if you access NAS SMB by directly using the common network path of Windows file resource manager, \\nas-mount-point.nas.aliyuncs.com\myshare access, when setting ACL, you will encounter a situation where you cannot determine whether the NAS mount point has joined the domain because of the unavailable RPC server. It is as shown in the following figures:


The document, Mount and Use an Alibaba Cloud SMB Protocol File System from Windows as an AD Domain User, describes that it is required to use the mklink tool for file system mapping and then configure the ACL for the file system mapping. However, this method does not apply to the root directory of the file system, or the ACL cannot be set on the link directory of mklink.

We recommend operating mount disks through the Get-Acl and Set-Acl Powershell commands or the icacls command. The specified example is listed below:

Operate Root Directory through Get-Acl and Set-Acl Powershell Commands

$value = Get-Acl -Path "Z:"# Get properties


# Set properties
$identity = "Administrator"
$fileSystemRights = "FullControl"
$type = "Allow"
# Create new rule
$fileSystemAccessRuleArgumentList = $identity, $fileSystemRights, $type
$fileSystemAccessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $fileSystemAccessRuleArgumentList
# Apply new rule


Set-Acl $value -Path "Z:"

Operate Root Directory through icacls Command

icacls z:
#Grant full control permissions to a user
icacls z: /grant <user name>:(F)
#Grant full control permissions to the administrator
icacls z: /grant administrator:(F)
icacls z:
#Remove all permissions from a user
icacls z: /remove <user name>
#Remove all permissions from everyone
icacls z: /remove <user name>
icacls z:


Note: You configure the permissions to modify root directories immediately after the file system is created. Otherwise, you must modify subdirectories and subfiles when you run the command because the permissions are inherited from the root directory to the subdirectories.

0 0 0
Share on

Alibaba Cloud Community

896 posts | 201 followers

You may also like


Alibaba Cloud Community

896 posts | 201 followers

Related Products