(26 September 2006)
Every so often, you'll be on a a unix box, that mounts data from a filer, that may also be access by a windows host. The windows host may have applied an acl to the data. Then, as root, you'll try to copy, move, or otherwise access this data, only to get access denied. Even as root, on an export that allows root access from the host you are on. What gives?
This is normal. NetApp tries to be more secure then not, so even as root, you have to comply with acl rules. The systems administrator way around this is to set an option on the filer, which allows root to ignore cifs acls.
options cifs.nfs_root_ignore_acl on
Set this option to on, and you are free to transverse any cifs acl with no delays. Use with caution, but if you have root, you probably know what you are doing.
Optional: Don't forget the reverse option (which makes NT admins root):
options wafl.nt_admin_priv_map_to_root on
(
Source)
Caviat: If you do this, anyone who is a Domain Admin will be mapped to root. So their files will be created by and manipulated by root. This might not be what you want.
Something Else: beware that if you are looking at this through a Windows box accessing a CIFS share, the permissions on the CIFS share have to permit the administrative user to connect before that user can ignore ACLs. In other words: a CIFS share ACL can deny an administrative user access to the filesystem.