This post is more than 5 years old
8 Posts
1
9370
October 3rd, 2014 12:00
Access Based Enumeration on Isilon SMB Shares
Hello all, I'm hoping someone can assist me with this...
I'm installing an Isilon Cluster for a client:
- They're not using AD or a File Provider, or anything like that.
- I've created Users in OneFS and placed them in Groups and allowed all groups full access to a specific share.
I'm seeing 3 separate commands to enable Access Based Enumeration in the Command Reference Guide:
- isi smb settings global modify --access-based-share-enum
- isi smb settings shares modify --access-based-enumeration
- isi smb shares modify --access-based-enumeration
It's quite confusing so I just enabled all three in the order above. I'm not sure where to go from here - I've tried using chmod on a group to give access to specific folders within the share but the users in the group are still able to see, read and write to all of the folders. What I want is for someone to be able to mount the share in Windows, but just see and access folders I've specified.
Would really appreciate some help with this, please and thanks!
- Cyrus
dynamox
9 Legend
•
20.4K Posts
0
October 3rd, 2014 13:00
Did you set windows ACLs ?
cyrushira
8 Posts
0
October 3rd, 2014 13:00
No I haven't. How would I do that (sorry I'm a bit ignorant when it comes to this kind of stuff).
sanadministrato
6 Posts
0
October 3rd, 2014 14:00
Has the group who are able to see all files and write to it have root permissions on the share?
Sent from my iPhone
cyrushira
8 Posts
0
October 3rd, 2014 14:00
No, none of the groups I've added to the share have root permissions. But, they do have full access.
I guess that wouldn't matter if ABE is setto global because it would hide all of the folders in the share until I provide access to them, correct?
cyrushira
8 Posts
0
October 6th, 2014 10:00
Thanks so much for the detailed explanation masenf! I'll give this a try.
What would be the result if I accessed these shares via smb from an NFS client (OSX)? Would the POSIX bits then mimic the ACL?
cyrushira
8 Posts
0
October 6th, 2014 11:00
Understood. I'll see what the result is on my end. Thanks again.
cyrushira
8 Posts
0
October 7th, 2014 12:00
I figured that would be the case. Thanks for the quick response. Much appreciated.
- Cyrus
cyrushira
8 Posts
0
October 7th, 2014 12:00
Hi masenf,
chgrp and chown are change commands - What if I have multiple groups that would need to see the same folders within the share?
For example, doing chgrp /ifs/abe1/dir4 for each group would just continue to overwrite the previous setting? Have I missed something?