Unsolved
This post is more than 5 years old
2 Posts
0
2723
Can Isilon mixed mode authentication be configured to work like native mode permission on Celerra?
Can we configure Isilon so that a change in permissions on a file system object in NFS has no impact on permissions in CIFS and a change in permissions on a file system object in CIFS has no impact on permissions in NFS just like Celerra?
Hemanth2
12 Posts
0
March 13th, 2013 11:00
I have been facing the same scenario as well...
No it does not work that way, you will have a approximation of permissions on the unix side.
If you have ntfs permissions Everyone full control on the celerra then may be you can try changing it to Authenticated users and see how it behaves on the unix side .
Everyone full control = 777 on the unix side
Authenticated Users = ?
I think if this works then its better than having 777, i may be not sure but you can try testing out
kmgtpezy
2 Posts
0
March 13th, 2013 13:00
The document "EMC ISILON MULTIPROTOCOL DATA ACCESS WITH A UNIFIED SECURITY MODEL" has a good table which translates Windows Access Rights to what OneFS represents that right as with an ls -le. It also shows the associated POSIX mode bits representation of the OneFS synthetic ACE. What I am wondering about is in the WebUI Protocols -> ACLs section there is a configuration option to "chmod on files with existing ACLs" and "Deny permission to modify the ACL."
If this were used, would it provide some similar behavior to Celerra native mode such that UNIX chmod would not make an effective change to the ACL? What they want is no change to the POSIX bits if the ACE is modified and no change to the ACL if POSIX bits are changed. They don't want mixed mode permissions they want independent mode permissions.
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
March 18th, 2013 07:00
This is a useful document. Thanks
And hi Hemanth!
gshah1
27 Posts
0
June 3rd, 2013 14:00
Hello Guys,
Did it finally get solved?
Thanks
Go.Y
2 Intern
2 Intern
•
293 Posts
0
June 3rd, 2013 21:00
If you chose following options in the WebUI Protocols -> ACLs section it will minimize the impact from NFS to CIFS.
"chmod on files with existing ACLs" > "Deny permission to modify the ACL."
"chown on files with existing ACLs" > "Do not modify the ACL"
However, selecting "Deny permission to modify the ACL" prohibit chmod on the Isilon system.
Even root can't chmod if above option is chose.
Some application may cause problem if they couldn't skip chmod phase.
AndrewChung
132 Posts
2
June 11th, 2013 00:00
Short answer is no. Isilon does not provide the ability to have independent permissions on the files. The Isilon system provides true multi-protocol access to a file via NFS or SMB. If you do not need to access the exact same files, then you could have some files with only UNIX permission and other with ACLs. Once you have to access the same file via UNIX and Windows, then a single unified set of permissions are created.