June 12th, 2019 00:00

id mapping

Hello, I have an Isilon share which must be accessed by a Windows AD user through SMB and a Unix local user through NFS.

I have done SID <-> UID mapping in both ways, with the AD user to be used as on-disk. So on Isilon it appears that everything has the AD user as owner.

Now when I mount the SMB share on Windows I can create a folder and file. Permissions seem right because my AD user is owner and of course I can access and modify the file.

If I mount the NFS share on the Linux side the permissions also seem right, my local user is owner with 700, but when I try to open the file I get a permission denied.

If I create a new file from the Linux side, I can access and modify it on Windows. So it seems that the mapping works only one way...

Do you know if it's possible to make it work both ways?

Regards


June 12th, 2019 16:00

Have you tried making testlin folder 777 via first?

June 13th, 2019 00:00

Hello,

Yes, of course with 777 it works.

But I don't want to have 777 permissions everywhere.


June 13th, 2019 09:00

Just the top folder testlin should be 777 since root wheel on Isilon is prolly the creator of that folder.

June 13th, 2019 23:00

OK, I will test that.

For the moment my last test is:

Create a root folder from Windows. Put an explicit ACL on it.

Create a subfolder win in it.

And from Linux and Windows create a test file.

Here are the permissions on Isilon:

sc-isilon-4# ls -al
total 21
drwxrwx--- + 2 CSGVA\lliadmin CSGVA\domain users 54 Jun 14 08:08 .
drwxrwx--- + 4 CSGVA\lliadmin CSGVA\domain users 42 Jun 14 08:08 ..
-rwxrwx--- + 1 CSGVA\lliadmin CSGVA\domain users 0 Jun 14 08:08 appuser.txt
-rwxrwx--- + 1 CSGVA\lliadmin CSGVA\domain users 15 Jun 14 08:11 win.txt
sc-isilon-4# ls -led appuser.txt
-rwxrwx--- + 1 CSGVA\lliadmin CSGVA\domain users 0 Jun 14 08:08 appuser.txt
OWNER: user:CSGVA\lliadmin
GROUP: group:CSGVA\domain users
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: user:CSGVA\lliadmin allow inherited file_gen_all,inherited_ace
1: group:Administrators allow inherited file_gen_all,inherited_ace
2: user:CSGVA\lliadmin allow inherited file_gen_all,inherited_ace
3: group:Users allow inherited file_gen_read,file_gen_execute,inherited_ace
sc-isilon-4# ls -led win.txt
-rwxrwx--- + 1 CSGVA\lliadmin CSGVA\domain users 15 Jun 14 08:11 win.txt
OWNER: user:CSGVA\lliadmin
GROUP: group:CSGVA\domain users
CONTROL:dacl_auto_inherited
0: user:CSGVA\lliadmin allow inherited file_gen_all,inherited_ace
1: group:Administrators allow inherited file_gen_all,inherited_ace
2: user:CSGVA\lliadmin allow inherited file_gen_all,inherited_ace
3: group:Users allow inherited file_gen_read,file_gen_execute,inherited_ace


So both files have exactly the same rights.

But in the end:

Linux can modify both files.

Windows can modify only the win file but can only read the lin file...
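
An added example, not part of the original thread or of any Dell tooling: a small Python parser that compares the two `ls -led` listings above field by field instead of by eye. The function names are hypothetical and the input is re-typed from the post; on this data it reports that only the CONTROL flags differ (`sacl_auto_inherited` appears on appuser.txt only) and that ACE 2 repeats ACE 0.

```python
import re

# Constructed input: re-typed from the two `ls -led` listings in the post above.
# The four ACE lines are identical in both listings, so they are shared here.
HEAD = r"""OWNER: user:CSGVA\lliadmin
GROUP: group:CSGVA\domain users
"""
ACES = r"""0: user:CSGVA\lliadmin allow inherited file_gen_all,inherited_ace
1: group:Administrators allow inherited file_gen_all,inherited_ace
2: user:CSGVA\lliadmin allow inherited file_gen_all,inherited_ace
3: group:Users allow inherited file_gen_read,file_gen_execute,inherited_ace
"""
APPUSER_TXT = HEAD + "CONTROL:dacl_auto_inherited,sacl_auto_inherited\n" + ACES
WIN_TXT = HEAD + "CONTROL:dacl_auto_inherited\n" + ACES

ACE_RE = re.compile(r"^(\d+):\s+(.+?)\s+(allow|deny)\s+(?:inherited\s+)?(\S+)$")

def parse_led(text):
    """Parse OWNER/GROUP/CONTROL and the numbered ACEs from `ls -led` output."""
    acl = {"owner": None, "group": None, "control": frozenset(), "aces": []}
    for line in text.splitlines():
        line = line.strip()
        m = ACE_RE.match(line)
        if m:
            _, trustee, kind, rights = m.groups()
            acl["aces"].append((trustee, kind, frozenset(rights.split(","))))
        elif line.startswith(("OWNER:", "GROUP:", "CONTROL:")):
            key, value = (part.strip() for part in line.split(":", 1))
            acl[key.lower()] = frozenset(value.split(",")) if key == "CONTROL" else value
    return acl

def diff_acl(a, b):
    """Return {field: (value_in_a, value_in_b)} for every field that differs."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

def duplicate_aces(acl):
    """Indices of ACEs that repeat an earlier entry exactly."""
    seen, dups = set(), []
    for i, ace in enumerate(acl["aces"]):
        if ace in seen:
            dups.append(i)
        seen.add(ace)
    return dups

if __name__ == "__main__":
    a, b = parse_led(APPUSER_TXT), parse_led(WIN_TXT)
    print("differences:", diff_acl(a, b))
    print("duplicate ACE indices in appuser.txt:", duplicate_aces(a))
```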

June 13th, 2019 23:00

Same issue with 777 on root folder.

June 19th, 2019 05:00

So I finally found a way.

Creating a local user on Isilon with the same UID as the Linux one.

Create my ID mapping rules.

And finally put the right ACL through Isilon on the root folder with inheritance.

With that it's finally working.