Unsolved
This post is more than 5 years old
7 Posts
0
5379
How do I fix CIFS on VNX after I messed up permisisons rather badly?
I have an NFS share that I exported via CIFS as "Users"
I accidently messed up CIFS access and I could use your advice on how to fix it.
Specifically, I accidently set the CIFS permissions from the share level on down to "Read & execute" for my regular AD account and my admin AD account with no other accounts listed.
Since I don't have "Full Control" I don't seem to be able to fix this.
I'd like to
Any ideas?
Thanks!
-Chris
dynamox
2 Intern
2 Intern
•
20.4K Posts
0
March 4th, 2013 19:00
share permissions or folder permissions ?
cincystorage
2 Intern
2 Intern
•
467 Posts
0
March 4th, 2013 19:00
If we're talking file level permissions you may want to consider using a robocopy /secfix option between a checkpoint and the source.. Something like this:
robocopy /secfix /xo /xn /xc
That should copy the security permissions without copying the data.. The only downside is you may lose any changes to security information which changed from checkpoint to live..
Chris_______
7 Posts
0
March 5th, 2013 13:00
Dynamox:
I think I need to fix both.
Can we start with share permissions? How do I fix those?
THANKS!
-Chris
dynamox
2 Intern
2 Intern
•
20.4K Posts
1
March 5th, 2013 13:00
you can use Windows MMC to connect to the CIFS server and modify share permissions there, for ACLs you use Mark's method or manually modify them.
Chris_______
7 Posts
0
March 5th, 2013 15:00
Hi Dynamox:
For the "User" share, I was able to add users and give them full control under "Share Permissions" but no under "Security"
To see if this was a VNX wide issue I created a test share; on the test share I was able to add users and give them full control
I was able to connect to my VNX with MMC and was able to change share and security for a test share I created....
What should I do?
dynamox
2 Intern
2 Intern
•
20.4K Posts
0
March 5th, 2013 16:00
what do you see in security tab for User share or can you not even see anything ? Might have to take ownership and reset permissions.
Chris_______
7 Posts
0
March 6th, 2013 09:00
Hi Dynamox,
I was worried that taking ownership under Windows would change ownership under NFS -- would it? -- so I didn't try.
Instead, I had EMC 2nd-level support reset the ACLs using:
.server_config server_2 "cifs update /HOME_01 resetacl"
.server_config server_2 "acl reset=/HOME_01"
.server_config server_2 "acl reset=/HOME_01/Users"
After that, share permissions were the same but at the top level (and perhaps below) directory, the trouble-some ACL had been removed and it was now set to Everyone = Full Access.
Thanks!
-Chris
Chris_______
7 Posts
0
March 6th, 2013 10:00
Mark,
A perl script to fix ACLs would be awesome!
Any suggestions on how I should set the share permissions, ACLs on the share, and ACLs on the user home directories?
THANKS!
-Chris
Chris_______
7 Posts
0
March 6th, 2013 10:00
Dynamox:
Access based enumeration sounds awesome -- how do I activate it for the share?
Thanks!
-Chris
cincystorage
2 Intern
2 Intern
•
467 Posts
0
March 6th, 2013 10:00
Not sure this will help you, but I have a perl quick which takes two files as arguments. The first is a "source". It when clones ACLs from source to target using ls -led and chmod... Not sure if this could be adapted to fit your needs or not..
dynamox
2 Intern
2 Intern
•
20.4K Posts
0
March 6th, 2013 10:00
use AD groups as much as possible, also take a look at access based enumeration as it can simplify your share structure. It depends on your requirements/environment.
dynamox
2 Intern
2 Intern
•
20.4K Posts
0
March 6th, 2013 10:00
taking ownership would allow you to modify ACLs that you could not otherwise. Can you look at sub directories of Users, did it reset ACLs there as well ?
dynamox
2 Intern
2 Intern
•
20.4K Posts
0
March 6th, 2013 11:00
if you search support.emc.com you will find the utility (emcabe.exe) and the corresponding readme file that explains how to us it.