I have an NFS share that I exported via CIFS as "Users"
I accidently messed up CIFS access and I could use your advice on how to fix it.
Specifically, I accidently set the CIFS permissions from the share level on down to "Read & execute" for my regular AD account and my admin AD account with no other accounts listed.
Since I don't have "Full Control" I don't seem to be able to fix this.
I'd like to
If we're talking file level permissions you may want to consider using a robocopy /secfix option between a checkpoint and the source.. Something like this:
robocopy <source> <dest> /secfix /xo /xn /xc
That should copy the security permissions without copying the data.. The only downside is you may lose any changes to security information which changed from checkpoint to live..
you can use Windows MMC to connect to the CIFS server and modify share permissions there, for ACLs you use Mark's method or manually modify them.
For the "User" share, I was able to add users and give them full control under "Share Permissions" but no under "Security"
To see if this was a VNX wide issue I created a test share; on the test share I was able to add users and give them full control
I was able to connect to my VNX with MMC and was able to change share and security for a test share I created....
What should I do?
what do you see in security tab for User share or can you not even see anything ? Might have to take ownership and reset permissions.
I was worried that taking ownership under Windows would change ownership under NFS -- would it? -- so I didn't try.
Instead, I had EMC 2nd-level support reset the ACLs using:
.server_config server_2 "cifs update /HOME_01 resetacl"
.server_config server_2 "acl reset=/HOME_01"
.server_config server_2 "acl reset=/HOME_01/Users"
After that, share permissions were the same but at the top level (and perhaps below) directory, the trouble-some ACL had been removed and it was now set to Everyone = Full Access.
taking ownership would allow you to modify ACLs that you could not otherwise. Can you look at sub directories of Users, did it reset ACLs there as well ?
Not sure this will help you, but I have a perl quick which takes two files as arguments. The first is a "source". It when clones ACLs from source to target using ls -led and chmod... Not sure if this could be adapted to fit your needs or not..