Windows ACL - System user on Isilon, emcopy
Hello Everyone,
I am noticing an ACL on Windows data (shown below in picture) which resides on Isilon that has full control, and I am not sure if I am able to access the data using that account, although I log in to the server on which I am accessing the data using my own account and not the 'SYSTEM' account. I don't see any other groups or users which can provide permissions for me to access the data on the SMB share, and 'SYSTEM' is the only account that I have no idea about. There are no groups on the Windows share created on Isilon except Everyone with full control, and the permissions are actually managed with AD groups on files and folders.
Is this account a built-in account on Isilon? I did use the isi auth command but I can't find it on Isilon, or I might be using a wrong command?
Has anyone come across this before, or does anyone have any idea how to figure this out? Please help me out.
Below is the output from the cluster
# isi auth mapping list --source-group=system
Type Mapping
---------- ---------------------------------------------------------------------------------------------------------------------------------------------------------
Name SYSTEM
On-disk None
Unix uid None
Unix gid None
SMB None
NFSv4 None
# isi auth groups view --group=SYSTEM
Failed to find group for 'GROUP:SYSTEM': No such group
# isi auth mapping token --user=SYSTEM
Failed to map user 'SYSTEM': No such user
johnsonka
130 Posts
0
September 18th, 2015 10:00
Hello YCAH,
Thank you for your question! The SYSTEM account is something that is coming over from Windows. Can you let us know a few more things so we can better help you?
Can you also provide us with a full set of share permissions and file system level permissions for this path? Please let us know if there is anything else we can help you with!
yogad
78 Posts
0
September 19th, 2015 12:00
Hi Katie,
emcopy S:\ T:\ /c /o /a /secfix /s /de /r:0 /w:1 /preserveSIDh /purge /log:dirlog1.txt
johnsonka
130 Posts
0
September 22nd, 2015 11:00
Hello,
The ACLs that you are seeing are coming from the Windows OS. For the most part, they could be removed as they are primarily used when you have a standalone Windows installation. I would caution removing anything that pertains to CREATOR_OWNER as they may impede access to users' files.
Additionally, a NAS platform will ignore these ACLs as they are meant for Windows. They will be ignored on the cluster and I expect the same would be true on a platform such as VNX.
As for any AD groups added to the permission set, I cannot speak to these if they are not also present on the cluster. Do you see the other AD groups in the permission set on the cluster?
yogad
78 Posts
0
September 26th, 2015 17:00
The AD groups are not defined on the cluster. The Windows server that I am using is not a standalone Windows installation. I don't see the 'SYSTEM' account present on all the shares that are mapped to the Windows server I am using; not sure why it appears only in one particular share.