This post is more than 5 years old
127 Posts
0
27819
Isilon folder permissions
Any idea how do I set permissions for "other" as r-x on folders and r-- for files inside a folder "Testfolder1" in Unix ? This is a special requirement from the business.
I have set permissions like this "chmod +a everyone allow dir_gen_read,dir_gen_execute,object_inherit,container_inherit Testfolder1" and it correctly sets the permissions r-x for folders for position "others" but files also getting r-x permissions. For only files, how to set the permissions to be at r-- ?
cadiletta
106 Posts
0
December 17th, 2014 10:00
In your description, you are mixing the two different permission sets, and I'd like to inquire as to why?
All files and folders on the cluster have a Unix-style permission set - RWX set for 3 different groups of users, the owner, the owner's group, and everyone. These can also be represented as a number and set as such. For instance the Read and Execute permissions would be 0555 - resulting in dr-xr-xr-x for a directory. Then the files would be set to 0444 for -r--r--r-- permissions. That would be the POSIX permission set and OneFS would then translate this with simulated ACLs for any SMB connections looking for access to these files.
Now you are doing the chmod +a command to specify an AD group and set ACLs explicitly on the directory and files. The default behavior as you describe is that setting a directory permissions automatically sets all of the files within that directory to the same set. The resulting POSIX indications are what you are looking for, but they are generated based on your ACL selection.
Therefore - if all you are concerned about is the POSIX settings - NFS users, or are simply trying to script this action for other directories... you can use a series of chmod commands to specify these permissions. You would specifiy the directory permissions first, then a chmod command would have to be run on all the files within that directory to remove the execute permissions from those files.
If you are specifically looking for the ACLs you specified in an SMB environment - you could browse to that folder from a Windows client with access rights to the permissions and right click the folder, set the permissions from the properties window. Then get properties on the files within the folder and from the properties window on those files, remove the execute permission. This should result in the same thing. If you try this method, you can go back into the folder from an SSH connection to the cluster and use "ls -la" to see the resulting permissions of the files.
paul_schuette
3 Posts
1
December 17th, 2014 11:00
In addition to the great information provided by Chris I wanted to add that the reason the files and folders are getting the same permissions is due the inheritance ACLs on the parent.
object_inherit applies to files
container_inherit applies to folders
If you are looking to set child permissions using ACLs they should be re-applied with this in mind.
chughh
122 Posts
1
December 17th, 2014 18:00
Hello Narahari,
Good Day !! You can run command below from absolute path to change file permission to 400 (r--).
find . -type f -exec chmod 400 {} \;
Thanks
chughh
122 Posts
0
December 17th, 2014 23:00
Sorry I missed folder permission. You need to change 755 as required.
find . -type d -exec chmod 755 {} \;
peglarr
99 Posts
0
December 22nd, 2014 07:00
There is a good (albeit somewhat dated, but it still applies) white paper on multiprotocol access and permissions/ACLs below. Also, you might consider using the PermissionRepair job to do bulk changes to permissions/ACLs - much more efficient than running 'find'. Enjoy!
http://www.emc.com/collateral/software/white-papers/h10920-wp-onefs-multiprotocol.pdf?_ga=1.268063950.1179417056.1345128409
Narahari1
127 Posts
0
December 22nd, 2014 07:00
Cadiletta, thanks for the detailed explanation. It is a business requirement to have all file permissions set as "r--" for "others" so everyone in windows/unix have read permissions and for folders the "others" in unix have "r-x" so that they can "CD in/out" of the folders. The folder I worked on was a Multiprotocol folder and I was not able to get the required permission results for files with simple "chmod 0755" command or using ACl type permission setting like this "chmod +a everyone allow dir_gen_read,dir_gen_execute,object_inherit,container_inherit Testfolder1" as this automatically grants folders and files r-x permissions for "others". Lateron I findout from support that the POSIX bits in unix does not matter at all for Multiprotocol setup and the permissions has to be setup using ACLs.
paul_schuette, thanks, I tried this commands individually on the folder to see if I can specify two separate ACLs, but it merges both commands.
chmod +a everyone allow dir_gen_read,dir_gen_execute,container_inherit xtest2
chmod +a everyone allow dir_gen_read,dir_gen_execute,object_inherit xtest2
chughh, thanks, I will try the suggestion. "find . -type f -exec chmod 400 {} \;"