Browse Community
Help
Log In
Responses(2)
Solutions(1)
Stdekart
104 Posts
0
June 11th, 2015 13:00
Hello DAVIDF,
Creating a share through the CLI will not default to "Apply Windows default ACLs" as the WebUI does.
If you would like to have them applied the --inheritable-path-acl=yes flag can be used through command line.
I ran through a test just to validate and to show the difference:
Created two directories /ifs/data/user1 and /ifs/data/user2
Prior to creating a share on the directories
isi720x-1# isi smb shares list
Share Name Path
--------------------------------------------
break_it /ifs/data
home /ifs/hdfs/home
ifs /ifs
share1 /ifs/data
share2 /ifs/data
share3 /ifs/data
share4 /ifs/data
test /ifs/test
wmi8test /ifs/scratch/wmi8testinstruments
Total: 9
Checking permissions prior to creating a share
isi720x-1# ls -led user1
drwxr-xr-x 2 root wheel 0 Jun 11 15:05 user1
OWNER: user:root
GROUP: group:wheel
SYNTHETIC ACL
0: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
1: group:wheel allow default_gen_read,dir_gen_execute
2: everyone allow dir_gen_read,dir_gen_execute
isi720x-1# ls -led user2
drwxr-xr-x 2 root wheel 0 Jun 11 15:05 user2
1: group:wheel allow dir_gen_read,dir_gen_execute
Using the --inheritable-path-acl=yes on user 1
isi720x-1# isi smb shares create --path=/ifs/data/user1 --inheritable-path-acl=yes --name=user1
and not on user2
isi720x-1# isi smb shares create --path=/ifs/data/user2 --name=user2
Validating the shares have been created
user1 /ifs/data/user1
user2 /ifs/data/user2
Total: 11
Checking permissions after the shares where created.
Notice user1 changed to default windows ACL's
drwxrwxr-x + 2 root wheel 0 Jun 11 15:05 user1
CONTROL:dacl_auto_inherited,dacl_protected
0: group:Administrators allow dir_gen_all,object_inherit,container_inherit
1: creator_owner allow dir_gen_all,object_inherit,container_inherit,inherit_only
3: group:Users allow dir_gen_read,dir_gen_execute,object_inherit,container_inherit
4: group:Users allow std_synchronize,add_file,add_subdir,container_inherit
user2 remains unchanged
So by default we do not "Apply default windows ACL's" when creating a share through the CLI.
DAVIDF4
4 Posts
June 12th, 2015 06:00
Thanks for the response. That is what I was hoping for.
I need to create a lot of shares for data that I am copying over but didn't want to change the permissions on the folder since the copy also keeps the rights intact.
Dell Support Resources
View All
Top
Stdekart
104 Posts
0
June 11th, 2015 13:00
Hello DAVIDF,
Creating a share through the CLI will not default to "Apply Windows default ACLs" as the WebUI does.
If you would like to have them applied the --inheritable-path-acl=yes flag can be used through command line.
I ran through a test just to validate and to show the difference:
Created two directories /ifs/data/user1 and /ifs/data/user2
Prior to creating a share on the directories
isi720x-1# isi smb shares list
Share Name Path
--------------------------------------------
break_it /ifs/data
home /ifs/hdfs/home
ifs /ifs
share1 /ifs/data
share2 /ifs/data
share3 /ifs/data
share4 /ifs/data
test /ifs/test
wmi8test /ifs/scratch/wmi8testinstruments
--------------------------------------------
Total: 9
Checking permissions prior to creating a share
isi720x-1# ls -led user1
drwxr-xr-x 2 root wheel 0 Jun 11 15:05 user1
OWNER: user:root
GROUP: group:wheel
SYNTHETIC ACL
0: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
1: group:wheel allow default_gen_read,dir_gen_execute
2: everyone allow dir_gen_read,dir_gen_execute
isi720x-1# ls -led user2
drwxr-xr-x 2 root wheel 0 Jun 11 15:05 user2
OWNER: user:root
GROUP: group:wheel
SYNTHETIC ACL
0: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
1: group:wheel allow dir_gen_read,dir_gen_execute
2: everyone allow dir_gen_read,dir_gen_execute
Using the --inheritable-path-acl=yes on user 1
isi720x-1# isi smb shares create --path=/ifs/data/user1 --inheritable-path-acl=yes --name=user1
and not on user2
isi720x-1# isi smb shares create --path=/ifs/data/user2 --name=user2
Validating the shares have been created
isi720x-1# isi smb shares list
Share Name Path
--------------------------------------------
break_it /ifs/data
home /ifs/hdfs/home
ifs /ifs
share1 /ifs/data
share2 /ifs/data
share3 /ifs/data
share4 /ifs/data
test /ifs/test
user1 /ifs/data/user1
user2 /ifs/data/user2
wmi8test /ifs/scratch/wmi8testinstruments
--------------------------------------------
Total: 11
Checking permissions after the shares where created.
Notice user1 changed to default windows ACL's
isi720x-1# ls -led user1
drwxrwxr-x + 2 root wheel 0 Jun 11 15:05 user1
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,dacl_protected
0: group:Administrators allow dir_gen_all,object_inherit,container_inherit
1: creator_owner allow dir_gen_all,object_inherit,container_inherit,inherit_only
2: everyone allow dir_gen_read,dir_gen_execute
3: group:Users allow dir_gen_read,dir_gen_execute,object_inherit,container_inherit
4: group:Users allow std_synchronize,add_file,add_subdir,container_inherit
user2 remains unchanged
isi720x-1# ls -led user2
drwxr-xr-x 2 root wheel 0 Jun 11 15:05 user2
OWNER: user:root
GROUP: group:wheel
SYNTHETIC ACL
0: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
1: group:wheel allow dir_gen_read,dir_gen_execute
2: everyone allow dir_gen_read,dir_gen_execute
So by default we do not "Apply default windows ACL's" when creating a share through the CLI.
DAVIDF4
4 Posts
0
June 12th, 2015 06:00
Thanks for the response. That is what I was hoping for.
I need to create a lot of shares for data that I am copying over but didn't want to change the permissions on the folder since the copy also keeps the rights intact.