You can try  permission repair job in Isilon & clone permission from path to target path this job will copy all permissions from source to target path.

i take ownership first and then use windows explorer to fix ACLs

chown -R -s MYDOMAIN\\myaccount

this will set folder ownership to my AD account, it's recursive.

hi dynamox,

this did not fix it in our (win-only) environment. the ownership on the folders was set to domain\user1 and user1 was unable to access / fix the ACLs via Windows Explorer

this is a fix to resolve the issue - but why is it only working with internal commands? why does take ownership over windows explorer not work? Is it not supported?

from Isilon cluster webui in protocol tab  select ACL  check settings below and change it to make them inheritable and then try from windows explorer.

ACLs created on directories by UNIX chmod:

Group owner inheritance:

Hi chughh,

we will try to verify this in our lab. Thanks for the input.

Best Regards

Steffen

Von: chughh

Gesendet: Dienstag, 20. Mai 2014 14:09

An: Luetzenkirchen, Steffen

Betreff: Re: - Taking ownership on a folder without any ACLs

ECN

Taking ownership on a folder without any ACLs

reply from chughh in Isilon - View the full discussion

Hi chuggh,

sorry for the late reply. The Settings were already set as statet. it doesn't work anyway.

My current workaround is using the permission repair job with a genericfolder as source to gain access to the affected folder and create new ACLs afterwards.

Hi sluetze,

    A little late here but I hope it is helpful for future viewing/site visitors

A) why does take ownership not work? <-- To allow ownership change for windows clients over SMB you need to allow the user making the change "run-as-root" in the SHARE level permissions list. 

To view current share level permissions run

isi smb permissions list --sharename=myshare (6.5.5.x)

isi smb shares permission view (7.0+)

To modify share level permissions for run-as-root run

isi smb permissions create --sharename=myshare -p run-as-root (6.5.5.x)

isi smb shares permission modify myshare --name=CORP\\myuser --run-as-root=yes (7.0 +)

If you are still having difficulty check to see if you are not part of the Administrators group or the backup operators group if not then you can only change ownership of any filesystem object to:

1) Yourself

2) Administrators group

This is something which needs to be enabled windows side(it a conscious security restriction)

B) is there a way to set ACLs from the CLI? The documentation is listed in the man chmod page (about 3/4 of the way down) which defines each ACE, here is a quick example of the syntax usage:

chmod +a user "CORP\mylogin" allow dir_gen_all,object_inherit,container_inherit /ifs/data/path/to/folder/or/file.txt

If you are adding an ACE for a domain user then you will need to either put quotes around OR escape the backslash character.

Otherwise, if you are referring to PowerShell then it gets more complicated:

The standard way is to define a variable by pulling an ACL from an object which has the ACLs you want defined:

PS C:>$Acl = Get-Acl "C:\Folder_B" Set-Acl "C:\Folder_A" $Acl

Then with the variable defined apply to the object you would like to change

New-Item -type directory -path C:\MyFolder

PS C:>$Acl = Get-Acl "C:\MyFolder"

PS C:>$Ar = New-Object system.security.accesscontrol.filesystemaccessrule("username","FullControl","Allow")

PS C:>$Acl.SetAccessRule($Ar)

PS C:>Set-Acl "C:\MyFolder" $Acl

This can take some  getting use to...

C) do the POSIX rights affect the folder? <--- Only if there are Synthetic ACLs are in use it is one or the other and OneFS makes the translation for instance if you are using ACLs OneFS will translate the ACLs to POSIX mode bits to allow communication with Unix-like clients

so would a chmod 777 on the folder give me a possibility to take ownership / change acls? <-- Please see the reply to question A