Be aware that when creating files on an NFS store or making directories, the umask setting may not reflect properly in your NFS permissions.
When using multiprotocol to access files and directories on Isilon you have to be keenly aware of any inherited permissions that you may get from the SMB side. ACL's or more specifically ACE's can drastically affect the Unix permissions that are seen on at the NFS partition.
The Posix permissions are artificially generated based on the ACL's of the files. You have to pay particular attention to the files ACE's when there is an ACL on the directory or file. Inherited permissions can cause issues with files as they are generated.
If you are expecting the umask setting to work properly the best way to do this is to remove ACL's on the directories and files inside of your NFS filesystems. This will allow all Posix permissions to work as normal and as expected. The minute you apply an ACL to one of these files then your Posix permissions are generated based on the ACE and not based on the Posix permissions as expected.
This paper explains how the unified security model of EMC Isilon OneFS 6.5.5 resolves mismatches between the permissions of Windows and UNIX systems while preserving the security of files and satisfying the expectations of users.
August 2012
Dealing with umask: left as exercise to the reader ;-)
MontyBolinger
20 Posts
0
September 3rd, 2013 05:00
Be aware that when creating files on an NFS store or making directories, the umask setting may not reflect properly in your NFS permissions.
When using multiprotocol to access files and directories on Isilon you have to be keenly aware of any inherited permissions that you may get from the SMB side. ACL's or more specifically ACE's can drastically affect the Unix permissions that are seen on at the NFS partition.
The Posix permissions are artificially generated based on the ACL's of the files. You have to pay particular attention to the files ACE's when there is an ACL on the directory or file. Inherited permissions can cause issues with files as they are generated.
If you are expecting the umask setting to work properly the best way to do this is to remove ACL's on the directories and files inside of your NFS filesystems. This will allow all Posix permissions to work as normal and as expected. The minute you apply an ACL to one of these files then your Posix permissions are generated based on the ACE and not based on the Posix permissions as expected.
Peter_Sero
4 Operator
•
1.2K Posts
1
September 3rd, 2013 06:00
Great White Paper here:
https://support.emc.com/docu42659_White-Paper:-EMC-Isilon-Multiprotocol-Data-Access-with-a-Unified-Security-Model-for-SMB-and-NFS.pdf
Abstract
This paper explains how the unified security model of EMC Isilon OneFS 6.5.5 resolves mismatches between the permissions of Windows and UNIX systems while preserving the security of files and satisfying the expectations of users.
August 2012
Dealing with umask: left as exercise to the reader ;-)
-- Peter
MontyBolinger
20 Posts
0
September 5th, 2013 13:00
Thanks Peter. This is very good.
I also found this just posted. It is the short version of it.
https://emc--c.na5.visual.force.com/apex/KB_BreakFix_1?id=kA1700000000Qic&popup=true
Peter_Sero
4 Operator
•
1.2K Posts
0
September 5th, 2013 21:00
For me, the SF URL to article is:
https://emc--c.na5.visual.force.com/apex/KB_BreakFix_1?id=kA1700000000Qom&popup=true
That SF stuff is really useful, but the site is technically a bit weird..
-- Peter