This post is more than 5 years old
13 Posts
1
31609
SMB Share permissions
Running, OneFS Version: 7.0.1.4
We have created a test SMB Share, then gave an Active Directory group full control to it.
The problem we are having in our test is that user #1 can only open user #2's document in ready only, they can't edit the document.
Is this by design or am I totally missing the obvious fix,switch, etc.?
Thanks in advanced,
Drew
jdpal
4 Posts
1
April 20th, 2013 10:00
As you probably know a CIFS user's access to a file/folder is the most restrictive combination of the CIFS share's permissions for that user or his/her groups, and the file/folder level permissions. In Windows those are your NTFS permissions, in Isilon they are implemented using extended ACLs which mimic the NTFS permissions.
Here's what you should do.
1. For the share, allow the "run as root" permission to a Windows account you have control over. Also make sure the share level permissions are correct for the users, e.g. if the user requires writing a file don't give them or their group a read-only share permission.
2. Unmount/remount the share as the account you used in #1. You should be able to do anything you want in the share regardless of filesystem permissions because now you are considered root
3. Using Windows open the folder's properties, in the security tab remove all the ACLs currently in there and create the permissions you want the folder to have.
4. When done remove the run as root permission from the share
5. User access to the share should work as expected.
Edit: I don't like the "Use Default ACLs" option for creating an SMB share. Just use the method above for setting permissions manually, there is much less room for error.
dynamox
2 Intern
2 Intern
•
20.4K Posts
0
April 10th, 2013 12:00
share permissions are ok (in addition to directory ACLs) ?
ddenson
13 Posts
0
April 10th, 2013 13:00
Share permissions are set to full access for the group.
NTFS ACL = Sytem default
We haven't made any changes to these setting, these are the defaults that came with the system.
ddenson
13 Posts
0
April 16th, 2013 09:00
I made the suggested changes and my users can only edit items that they have created in that share.
I want them to be able to edit/delete items other users have created.
emc402606
10 Posts
0
April 16th, 2013 09:00
Hi,
I have the same problem with the same version of OneFS.
But, my users can read/write when I select other permission on "file system explorer" on selected folder: Unix Permission: root/Wheel to Nobody/Users.
Jérôme
ddenson
13 Posts
0
April 20th, 2013 11:00
Thank you, I'll give it a shot Monday.
ddenson
13 Posts
0
April 23rd, 2013 07:00
I haven't had a chance to take a look yet, hopefully later today.
Thanks for all the help so far.
MRWA
83 Posts
0
April 23rd, 2013 07:00
How did it go?
ddenson
13 Posts
0
April 23rd, 2013 08:00
This worked like a charm, I couldn't find the right combination to get it to work.
This should be a sticky note.
Thanks again all, great forum!
ddenson
13 Posts
0
April 23rd, 2013 08:00
It worked!