Can Isilon mixed mode authentication be configured to work like native mode permission on Celerra?

The document "EMC ISILON MULTIPROTOCOL DATA ACCESS WITH A UNIFIED SECURITY MODEL" has a good table which translates Windows Access Rights to what OneFS represents that right as with an ls -le. It also shows the associated POSIX mode bits representation of the OneFS synthetic ACE. What I am wondering about is in the WebUI Protocols -> ACLs section there is a configuration option to "chmod on files with existing ACLs" and "Deny permission to modify the ACL."

If this were used, would it provide some similar behavior to Celerra native mode such that UNIX chmod would not make an effective change to the ACL? What they want is no change to the POSIX bits if the ACE is modified and no change to the ACL if POSIX bits are changed. They don't want mixed mode permissions they want independent mode permissions.

This is a useful document. Thanks

And hi Hemanth!

Hello Guys,

Did it finally get solved?

Thanks

If you chose  following options in the WebUI Protocols -> ACLs section  it will minimize the impact from NFS to CIFS.

"chmod on files with existing ACLs" > "Deny permission to modify the ACL."

"chown on files with existing ACLs" > "Do not modify the ACL"

However, selecting "Deny permission to modify the ACL" prohibit chmod on the Isilon system.

Even root can't chmod if above option is chose.

Some application may cause problem if they couldn't skip chmod phase.

Short answer is no.  Isilon does not provide the ability to have independent permissions on the files.  The Isilon system provides true multi-protocol access to a file via NFS or SMB.  If you do not need to access the exact same files, then you could have some files with only UNIX permission and other with ACLs.  Once you have to access the same file via UNIX and Windows, then a single unified set of permissions are created.