Unsolved
This post is more than 5 years old
1 Rookie
•
33 Posts
0
2987
Permission denied on a sub-directory
Our company has two Isilon's one being used for replication. There is an file-system which is being replicated and an export is created on top of it. The permissions are same on production file system and replicated file system but 'owner/user' is not able to access a sub-directory on replicated file system whereas the same sub-directory on production file system is accessible.
They are just trying to CD into the sub-directory - permission denied. The file system has ACLS on it and has required permissions for 'owner/user'. Any thoughts why this could be happening?
swi1
1 Rookie
1 Rookie
•
33 Posts
0
January 27th, 2016 16:00
Thanks Chris
1)Both the clusters are joined to same AD
2)All the groups and users are AD ones except the root and wheel. The owner of the file system is root but root is not able to access the replicated file system.
crklosterman
450 Posts
0
January 27th, 2016 16:00
@swi
2 guesses / things to check
1. Your auth providers on the target cluster could be different than the source cluster. So make sure that if the source is joined to AD & LDAP that both are configured the same on the other side.
2. Related to #1, You might have local users or groups in the file ACLs on the source, and those local users and groups don't exist on the target, or have different SIDs on the target.
Just off the top of my head that's what I would look for.
~Chris Klosterman
Advisory Solution Architect
EMC Enablement Team
chris.klosterman@emc.com
sluetze
300 Posts
0
January 27th, 2016 23:00
if you are talking about exports you mean NFS?
then i would check the "RFC...." Setting in the authentication Provider.
also Keep in mind that a target of a syncIQ replication is readonly (which should not limit the "cd")
swi1
1 Rookie
1 Rookie
•
33 Posts
0
January 28th, 2016 01:00
hmm. RFC is enabled and map user/group is set to yes.
tsap1
19 Posts
0
January 28th, 2016 06:00
Hi, can we assume that the replicated FS is part of an active SyncIQ policy? If so, you need to allow-writes on the target. Not forgetting to stop scheduling on the source to prevent syncIQ errors.
crklosterman
450 Posts
0
January 28th, 2016 07:00
Gabe,
Allowing writes / pausing SyncIQ isn't necessary for read-only access.
Swi,
I would suggest you open an SR at support.emc.com on this issue to help track it down, it's probably something simple but far faster to troubleshoot through a webex with support than through a community forum like this.
Chris Klosterman
Advisory Solution Architect
EMC Enablement Team
swi1
1 Rookie
1 Rookie
•
33 Posts
0
January 28th, 2016 12:00
Update -
As Chris said its simple issue. We didn't add the clients to root clients on target cluster, it made the root to get permission denied. The user and owner of file-system is root.
Thanks everyone