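PowerScale: Isilon: OneFS: How permissions are handled when copying and moving files and folders over SMB

Summary: How permissions are handled when copying and moving files and folders over SMB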


Instructions

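Copy or create operation (copy/paste):
  • User/group ownership: the copied directory and subfiles are owned by the user who performs the copy operation.
  • Access control entries (ACEs):
    • ACEs from the source are not retained/copied to the copied directory and subfiles.
    • ACEs with inheritance flags are inherited from the target parent directory by the copied directory and subfiles.


Move operation (cut/paste): the permissions on the directory/subfiles control the target permissions

  • User/group ownership: the moved directory and subfiles retain the ownership of the source.
  • Access control entries (ACEs):
    • ACEs from the source are retained/copied to the moved directory and subfiles.
    • ACEs with inheritance flags on the parent target directory:
      1. If the executing user has the “std_write_dac” permission on the directory and subfiles, the ACEs are inherited.
      2. If the executing user has all permissions except “std_write_dac” on the directory and subfiles, the ACEs are not inherited because of a potential security violation.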
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Copy operation example: copying directory “source”, which contains the subfile “sourcefile”, to directory “target”
  • Source directory:
    # ls -led source
    drwxrwx--- + 2 root wheel 28 May 25 11:29 source
    OWNER: user:root
    GROUP: group:wheel
    0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit
    1: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
    2: user:root allow dir_gen_all
  • Subfile in the source directory:
    # ls -led source/sourcefile
    -rwxrwx--- + 1 root wheel 0 May 25 11:29 source/sourcefile
    OWNER: user:root
    GROUP: group:wheel
    0: user:ISILON\sourceuser allow file_gen_all,object_inherit,container_inherit
    1: user:ISILON\administrator allow file_gen_all,object_inherit,container_inherit
    2: user:root allow file_gen_all
  • Target parent directory:
    # ls -led target
    drwxrwx--- + 3 ISILON\administrator ISILON\domain users 52 May 25 11:56 target
    OWNER: user:ISILON\administrator
    GROUP: group:ISILON\domain users
    0: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit
    1: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit


After copying directory “source” to directory “target” over SMB as AD user administrator@isilon.com:

    # ls -led target/source
    drwxrwx--- + 2 ISILON\administrator ISILON\domain users 28 May 25 11:56 target/source <<<< user/group ownership of the user who performed the copy operation
    OWNER: user:ISILON\administrator
    GROUP: group:ISILON\domain users
    0: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit <<<< inherited ACE from parent directory “target”
    1: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit <<<< inherited ACE from parent directory “target”

    # ls -led target/source/sourcefile
    -rwxrwx--- + 1 ISILON\administrator ISILON\domain users 0 May 25 11:29 target/source/sourcefile <<<< user/group ownership of the user who performed the copy operation
    OWNER: user:ISILON\administrator
    GROUP: group:ISILON\domain users
    0: user:ISILON\targetuser allow file_gen_all <<<< inherited ACE from parent directory “target”
    1: user:ISILON\administrator allow file_gen_all <<<< inherited ACE from parent directory “target”

Note: ACEs from the source are not retained/copied to the copied directory/file (for example: user:ISILON\sourceuser).

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Move operation example: moving directory “source”, which contains the subfile “sourcefile”, to directory “target”

1. User administrator@isilon.com has at least “read and std_write_dac” permissions on the “source” directory and the “sourcefile” subfile.

    # ls -led source
    drwxrwx--- + 2 root wheel 28 May 25 12:42 source
    OWNER: user:root
    GROUP: group:wheel
    0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit
    1: user:ISILON\administrator allow dir_gen_read,std_write_dac,object_inherit,container_inherit
    2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
    3: group:wheel allow dir_gen_read,dir_gen_execute

    # ls -led source/sourcefile
    -rwxrwx--- + 1 root wheel 0 May 25 12:42 source/sourcefile
    OWNER: user:root
    GROUP: group:wheel
    control:dacl_auto_inherited,sacl_auto_inherited
    0: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace
    1: user:ISILON\administrator allow inherited file_gen_read,std_write_dac,inherited_ace

    # ls -led target
    drwxrwxr-x + 2 root wheel 0 May 25 12:49 target
    OWNER: user:root
    GROUP: group:wheel
    0: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
    1: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit
    2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
    3: group:wheel allow dir_gen_read,dir_gen_execute
    4: everyone allow dir_gen_read,dir_gen_execute

After moving directory “source” to directory “target” over SMB as AD user administrator@isilon.com:



    # ls -led target/source
    drwxrwx--- + 2 root wheel 28 May 25 12:42 target/source <<<< user and group ownership are retained from source
    OWNER: user:root
    GROUP: group:wheel
    CONTROL:dacl_auto_inherited
    0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit <<<< ACE retained from the source
    1: user:ISILON\administrator allow dir_gen_read,std_write_dac,object_inherit,container_inherit <<<< ACE retained from the source
    2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child <<<< ACE retained from the source
    3: group:wheel allow dir_gen_read,dir_gen_execute <<<< ACE retained from the source
    4: user:ISILON\administrator allow inherited dir_gen_all,object_inherit,container_inherit,inherited_ace <<<< inherited ACE from parent directory “target”
    5: user:ISILON\targetuser allow inherited dir_gen_all,object_inherit,container_inherit,inherited_ace <<<< inherited ACE from parent directory “target”

    # ls -led target/source/sourcefile
    -rwxrwx--- + 1 root wheel 0 May 25 12:42 target/source/sourcefile <<<< user and group ownership are retained from source
    OWNER: user:root
    GROUP: group:wheel
    CONTROL:dacl_auto_inherited,sacl_auto_inherited
    0: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace <<<< ACE retained from the source
    1: user:ISILON\administrator allow inherited file_gen_read,std_write_dac,inherited_ace <<<< ACE retained from the source
    2: user:ISILON\administrator allow inherited file_gen_all,inherited_ace <<<< inherited ACE from parent directory “target”
    3: user:ISILON\targetuser allow inherited file_gen_all,inherited_ace <<<< inherited ACE from parent directory “target”


2. User administrator@isilon.com has all permissions except “std_write_dac” on the “source” directory and the “sourcefile” subfile:

    # ls -led source
    drwxrwxr-x + 2 root wheel 28 May 25 13:19 source
    OWNER: user:root
    GROUP: group:wheel
    CONTROL:dacl_auto_inherited
    0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit
    1: user:ISILON\administrator allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
    2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
    3: group:wheel allow dir_gen_read,dir_gen_execute
    4: everyone allow dir_gen_read,dir_gen_execute

    # ls -led source/sourcefile
    -rwxrwx--- + 1 root wheel 0 May 25 13:19 source/sourcefile
    OWNER: user:root
    GROUP: group:wheel
    control:dacl_auto_inherited,sacl_auto_inherited
    0: user:ISILON\administrator allow file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
    1: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace
    2: user:ISILON\administrator allow inherited file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_dac,delete_child,inherited_ace

    # ls -led target
    drwxrwxr-x + 2 root wheel 0 May 25 13:58 target
    OWNER: user:root
    GROUP: group:wheel
    0: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
    1: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit
    2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
    3: group:wheel allow dir_gen_read,dir_gen_execute
    4: everyone allow dir_gen_read,dir_gen_execute

After moving directory “source” to directory “target” over SMB as AD user administrator@isilon.com:



    # ls -led target/source
    drwxrwxr-x + 2 root wheel 28 May 25 13:19 target/source <<<< user and group ownership are retained from source
    OWNER: user:root
    GROUP: group:wheel
    CONTROL:dacl_auto_inherited
    0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit <<<< ACE retained from the source
    1: user:ISILON\administrator allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
    2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
    3: group:wheel allow dir_gen_read,dir_gen_execute
    4: everyone allow dir_gen_read,dir_gen_execute

    # ls -led target/source/sourcefile
    -rwxrwx--- + 1 root wheel 0 May 25 13:19 target/source/sourcefile <<<< user and group ownership are retained from source
    OWNER: user:root
    GROUP: group:wheel
    control:dacl_auto_inherited,sacl_auto_inherited
    0: user:ISILON\administrator allow file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
    1: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace
    2: user:ISILON\administrator allow inherited file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_dac,delete_child,inherited_ace

Note: No ACEs are inherited from the parent directory “target” (for example: user:ISILON\targetuser).
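
Both move outcomes can be checked mechanically after a migration. The Python below is an added example, not part of the original article or of OneFS: it parses `ls -led` ACL listings (the sample text is copied from the move examples above) and reports trustees retained from the source that the destination ACL never names, and inheritable parent ACEs that were not applied. The function and variable names are this example's own.

```python
import re

# One ACE line of `ls -led` output: "N: trustee allow|deny [inherited] rights,flags"
ACE = re.compile(r"^\s*\d+:\s+(.+?)\s+(allow|deny)\s+(inherited\s+)?([\w,]+)")
INHERITABLE = {"object_inherit", "container_inherit"}

def parse_acl(text):
    """Return (trustee, type, rights_and_flags) per ACE; header lines and <<<< notes are ignored."""
    found = (ACE.match(line) for line in text.splitlines())
    return [(m.group(1), m.group(2), set(m.group(4).split(","))) for m in found if m]

def retained_from_source(moved, parent):
    """Trustees allowed on the moved object that the destination directory's ACL never names."""
    known = {t for t, _, _ in parse_acl(parent)}
    return sorted({t for t, kind, _ in parse_acl(moved) if kind == "allow" and t not in known})

def missing_inheritance(moved, parent):
    """Trustees with an inheritable ACE on the parent but no inherited_ace on the moved object."""
    got = {t for t, _, r in parse_acl(moved) if "inherited_ace" in r}
    return sorted({t for t, _, r in parse_acl(parent) if r & INHERITABLE and t not in got})

# ACL listings copied from the article's move examples: "target", then "target/source".
TARGET = r"""0: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,dir_gen_execute"""
MOVED_WITH_WRITE_DAC = r"""OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit <<<< retained
1: user:ISILON\administrator allow dir_gen_read,std_write_dac,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: user:ISILON\administrator allow inherited dir_gen_all,object_inherit,container_inherit,inherited_ace
5: user:ISILON\targetuser allow inherited dir_gen_all,object_inherit,container_inherit,inherited_ace"""
MOVED_WITHOUT_WRITE_DAC = r"""0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,dir_gen_execute"""

if __name__ == "__main__":
    for label, acl in (("case 1", MOVED_WITH_WRITE_DAC), ("case 2", MOVED_WITHOUT_WRITE_DAC)):
        print(label, retained_from_source(acl, TARGET), missing_inheritance(acl, TARGET))
```

In both cases user:ISILON\sourceuser keeps access at the destination; only in case 2 are the parent's inheritable ACEs for administrator and targetuser reported as missing.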

Additional Information

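  • Users need share-level read/write permissions to copy or move folders or files.
  • std_write_dac: the right to modify the DACL in the object's security descriptor.
  • Permissions that include the std_write_dac right: file_gen_all, dir_gen_all, std_required, and Modify.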

Affected Products

PowerScale OneFS

Products

PowerScale OneFS
Article Properties
Article Number: 000021868
Article Type: How To
Last Modified: 03 Apr 2025
Version:  4