Unsolved

4 Posts

April 13th, 2021 15:00

Isilon S3 and SMB/NFS inheritance

Hey Folks, 

Currently getting started with the S3 proto support on recent OneFS. On the FILE side inheritance works well b/w SMB and NFS; on the OBJECT side I cannot get the ACLs working so that groups or users that are not the data writer working in the FILE side.

Is this a known issue? Is there a pattern for one user (mapped to an object proto key set) writing and having either inheritance (from the FILE side) or manually writing ACLs that are honored by LDAP/AD bindings with at least read permissions on the FILE side?

-J

Moderator

7.7K Posts

April 14th, 2021 10:00

Hello Verbunk,

Which version of OneFS are you using?

4 Posts

April 14th, 2021 10:00

Hey Sam L.

Reached out for the minor version number but I think S3 support has only been in production release for ~2 versions now? Will there be a difference in the two of them? We literally just completed the cluster upgrade to the latest rev last week.

 

-J

Moderator

7.7K Posts

April 14th, 2021 12:00

Hello Verbunk,

I don’t think there is a difference, but I want to check with your OneFS version to be sure. I also want to make sure that there are no known issues with the version of OneFS that you are using.

4 Posts

April 14th, 2021 13:00

9.1.0.5

Moderator

7.7K Posts

April 14th, 2021 16:00

Hello Verbunk,

Here is the link to the Web administrator guide, and I would look over chapter 9, which covers data access control. https://dell.to/3tnOwZy

Here are a couple of additional KBs that you can review as well. https://dell.to/3slHmnr

https://dell.to/3mUHZ6j

4 Posts

April 14th, 2021 17:00

Hi Sam,

Unfortunately the KB articles were not relevant for this issue. 

Restated another way. I have added in bindings to our LDAP/AD provider and configured the object storage proto with various AD users and groups to achieve cross proto (File and Object) read or write but no matter what, objects written to a bucket that is exported as NFS or SMB are not readable by anyone over the file protocols. If a user can access the SMB share, for instance, they can list the files with any '/' being correctly shown as a folder etc. When a user that is in the ACL of the object (verified by pulling the ACL list of the object) tries to open a file they are presented with Access Denied.

Moderator

7.7K Posts

April 15th, 2021 16:00

Hello Verbunk,

I would open a support case for your issue.
