UNIX users denied access to files they just created?

UNIX users are getting access denied in response to files and folders that they just created on an Isilon NFS export, how can that be?

Responses(1)

ScottPhelps

31 Posts

0

June 28th, 2013 10:00

What is happening is that the user doesn't have access to the files because they are not in the Windows groups that have been allowed access to the folder. Confusion results because an NFS user, even if they are root, can't see the Windows ACL, but only the POSIX bits.

If a folder has an ACL that contains both Windows ACEs and UNIX ACEs, by default ONLY the Windows ACEs will be inherited. What that means is that UNIX users can create a file, but then not have access to the file they just created.

If you run ls -al you can see what directories and files have an ACL applied. A "+" sign indicates and ACL. You can tell what ACEs are in the ACL by using the special flag on the ls command (ls -le) from the Isilon cluster command line. The "-e" allows you to see all of the ACEs within an ACL.

To fix this problem, there is a button in the OneFS WebUI under:

Protocols / ACLs / ACL Policies that allows you to "make ACLs created on directories by UNIX chmod" inheritable.

View All

No Events found!