Modifying windows file permission on snapshot.

no, snapshot is read-only. You can take read-write snapshot of a read-only snapshot.

I don't know if some one can help me providing a solution for my situation here.. I have a 2 TB lun which has a windows file share enabled enabled to external domain.. i wanted to take a snapshot of the 2 TB lun and modify the permissions on it to make it use for SQL restores. Creating a readonly snapshot and after taht creating r/w snapshot looks like a big process.. Is there any other solution for this like CIFS or clones?

Yes the files that reside on the 2TB lun's are SQL .BAK files. Those are accesed by external domain servers. We need to bring those files to internal domain servers to make them use for SQL restores. We can't have our internal servers talk to the external servers. So i though i could take a snap shot of it and present it to the internal servers but i can't modify the permission on it. So we are looking at a solution to fix this. I wanted to a snap of CIFS but it also require a r/w snap from a readonly snap which require human intervention always soo...

can you provide more details about this solution, what kind of data resides on this share ? Just SQL backups ?

What is the real problem ?

That these files are written by users in one domain and users from the other (not trusted) domain don’t have the permission to access them ?

Why not put a inheritable ACL on the directory above that grants both domains the necessary rights ?

I’ve never tried it but I don’t see why it wouldn’t work.

If you just need to transfer them off the system (and it isn’t a security problem for your) you could also use a protocol like NFS or CIFS (as root) that can ignore the CIFS ACLs.

I mean we can't give non trusted uses access here as its a securty rule here...

everything can be scripted, permissions can be changed with xcacl/icacls

When you say scripted and changing permission you want me to create a snapshot and create an another R/W snapshot with the script and make use of xcacl/icacls...?

don't have a script but commands are:

first you create regular read-only checkpoint

fs_ckpt fs01 -name ckpt_readonly -Create

next you create read-write  checkpoint

fs_ckpt ckpt_readonly -name ckpt_readwrite -Create -readonly n

Do you have any sample syntax to take a snapshot of a lun and resnap the snapshot as r/w ?

bonnu06 wrote: When you say scripted and changing permission you want me to create a snapshot and create an another R/W snapshot with the script and make use of xcacl/icacls...?

yes