Administration Guides

Solution Guide - Script Download Examples

Home



Script Example Tools 

  • Tested with Powershell on Windows Server 2012 R2  (PowerShell 4.0)

Solution to retrieve list of directories with Not Inherited ACL Flag:

This solution will find directories that have the inheritance disabled option in the file system blocking ACL's from flowing down the file system. This can cause unexpected access to files or block access to parts of the file system. This solution will help identify where this flag is disabled.

Eyeglass Search & Recover - Creating Script

  1. Login to Eyeglass Search & Recover
  2. Enter type:directory as the search keyword

  1. Eyeglass Search & Recover will return the list of directories
  2. Click CMD Writer Icon

  1. Configure the script content:

  1. In First CMD section, enter: “Get-Acl -Path
  2. Select “File Location”
  3. In Second CMD section, enter: “| select path,owner -ExpandProperty access | where { !$_.IsInherited } | export-csv -path c:\scripts\output2.csv -Append
  4. In Script format, select “Plain”
  5. Check the Surround File location in quotes.  This will allow a path with spaces to be handled correctly in the script.
  6. Click CREATE For All button
  7. Rename the downloaded file  with a .ps1 extension

  1. Save the modified powershell script
  2. Run the script and the output2.csv will content the list of directories with Not Inherited flag
  3. See example output below

Solution to retrieve list of directories with “Everyone” ACL:

This solution will help find ACL entries that list Everyone, this ACL entry may over expose data and should be used to locate and address potentially over exposed data.

Eyeglass Search & Recover - Creating Script

  1. Login to Eyeglass Search & Recover
  2. Enter type:directory as the search keyword

  1. Eyeglass Search & Recover will return the list of directories
  2. Click CMD Writer Icon

  1. Configure the script content:

  1. In First CMD section, enter: “Get-Acl -Path
  2. Select “File Location”
  3. In Second CMD section, enter: “| select path,owner -ExpandProperty access | where {$_.IdentityReference -like "*Everyone*"} | export-csv -path c:\scripts\output2.csv -Append
  4. Check the Surround File location in quotes.  This will allow a path with spaces to be handled correctly in the script.
  5. Click CREATE For All button
  6. Rename the downloaded file  with a .ps1 extension

  1. A powershell script file will be generated and downloaded
  2. Save the modified powershell script
  3. Run the script and the output2.csv will content the list of directories “Everyone” ACL

Solution to find Deleted AD user files

When a user is deleted in AD the file ownership on disk will display a UID that will no longer resolve to a friendly name.


  1. This requires clear the PowerScale user cache before running the script.   This should be done in off peak hours since the cluster will need to resolve users to names once the cache is flushed.
    1. isi auth user flush
  2. Search for files in a directory administrator login so that file path entry screen is shown (note a search administrator is added using the CLI commands)

    1. This will return all files at this path and below (note this can create a very large result)  You may need to edit the script file to delete rows for directories you do not need to search)
  3. Click the script editor icon above the search results
  4. Enter find into the first script content field
  5. Then enter -ls | awk '{print $5"\t\t"$12}' | grep "10"     (note this will find all UID's that start with 10)
  6. Now download by clicking the create for all button
  7. Copy this shell script to the cluster and make the file executable with chmod 777 file name
  8. Now run the file.
  9. NOTE: this may take some time to run on a lot of files only file names that have a UID in the file system will be output to the console as the script runs.  You can modify this script to log results to a file as required.
  10. Done any file with a UID is not resolved by the cluster and is likely a deleted user in Active Directory.


How to move or copy search results to a staging area on the Cluster


  1. This solution allows searching for files and then copy or move them to a staging area. This could be used for legal discovery of data or archive the data.  The key is being able to retain the folder structure of the files in the search results, along with permissions, ownership of the files.   The archive requirement can use Superna Eyeglass Golden Copy to sync the staging folder to S3 storage for long term archive and protect the file system metadata of the files using S3 properties.. 
  2. Execute Seach with the advanced search interface using any of the available search options example find all files with last accessed > 6 months or last modified > 1 year as an example.
  3.  
  4. Now click the command writer creator
    1. If you want to "Move" the search result files to the staging path in this example /ifs/data/staging (the staging directory must already exist) then paste the following into the first box rsync -axuvR --delete-after --progress    and then paste /ifs/data/staging into the second box.  Now click the "create for all" button that will create a bash script for all search results and download the file to your PC.
      1.  Change to "Copy" The --delete-after flag treats the copy like a move and this parameter is removed it will be a copy.  To copy versus move paste the following into the first box rsync -axuvR --progress 
    2.  
  5. Edit the .sh file that is downloaded to verify all the files in the file that will be processed.
  6. Copy the .sh file to the cluster as root user. use SCP to copy the file or another method.
  7. ssh to the cluster as root user where the script is located
  8. chmod 777 script name
  9. ./<script name>     
  10. Verify script executes and then verify the target location has the files.
  11. ls /opt/data/staging
  12. If using Golden Copy create a sync folder definition with an S3 target to sync all new files copied to the staging path on a schedule.
  13. Done

© Superna LLC