PowerScale: Isilon: OneFS: How permissions are handled when you copy and move files and folders by SMB
Summary: How permissions are handled when you copy and move files and folders by SMB
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
Copy or Create Operation (copy/paste):
Copy Operation Example: Copying directory "source" with subfile "sourcefile" to directory "target"
drwxrwx--- + 2 root wheel 28 May 25 11:29 source
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
2: user:root allow dir_gen_all
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\sourceuser allow file_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow file_gen_all,object_inherit,container_inherit
2: user:root allow file_gen_all
drwxrwx--- + 3 ISILON\administrator ISILON\domain users 52 May 25 11:56 target
OWNER: user:ISILON\administrator
GROUP: group:ISILON\domain users
0: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
After copying directory "source" to directory "target" using AD user administrator@isilon.com by SMB:
# ls -led target/source
drwxrwx--- + 2 ISILON\administrator ISILON\domain users 28 May 25 11:56 target/source <<<< user/group ownership of the user who performed the copy operation
OWNER: user:ISILON\administrator
GROUP: group:ISILON\domain users
0: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit <<<< inherited ACE from parent directory "target"
1: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit <<<< inherited ACE from parent directory "target"
# ls -led target/source/sourcefile
-rwxrwx--- + 1 ISILON\administrator ISILON\domain users 0 May 25 11:29 target/source/sourcefile <<<< user/group ownership of the user who performed the copy operation
OWNER: user:ISILON\administrator
GROUP: group:ISILON\domain users
0: user:ISILON\targetuser allow file_gen_all <<<< inherited ACE from parent directory "target"
1: user:ISILON\administrator allow file_gen_all <<<< inherited ACE from parent directory "target"
Note: ACEs from the source are not retained/copied to the copied directory/files (ex: user:ISILON\sourceuser)
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Move Operation Example: Move directory "source" with subfile "sourcefile" to directory "target"
1. User administrator@isilon.com has at least "read and std_write_dac" permissions on the "source" directory and "sourcefile" subfile.
# ls -led source
drwxrwx--- + 2 root wheel 28 May 25 12:42 source
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_read,std_write_dac,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
# ls -led source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 12:42 source/sourcefile
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace
1: user:ISILON\administrator allow inherited file_gen_read,std_write_dac,inherited_ace
# ls -led target
drwxrwxr-x + 2 root wheel 0 May 25 12:49 target
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,dir_gen_execute
After moving directory "source" to directory "target" using AD user administrator@isilon.com by SMB:
# ls -led target/source
drwxrwx--- + 2 root wheel 28 May 25 12:42 target/source <<<< user and group ownership are retained from source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit <<<< ACE retained from the source
1: user:ISILON\administrator allow dir_gen_read,std_write_dac,object_inherit,container_inherit <<<< ACE retained from the source
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child <<<< ACE retained from the source
3: group:wheel allow dir_gen_read,dir_gen_execute <<<< ACE retained from the source
4: user:ISILON\administrator allow inherited dir_gen_all,object_inherit,container_inherit,inherited_ace <<<< inherited ACE from parent directory "target"
5: user:ISILON\targetuser allow inherited dir_gen_all,object_inherit,container_inherit,inherited_ace <<<< inherited ACE from parent directory "target"
# ls -led target/source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 12:42 target/source/sourcefile <<<< user and group ownership are retained from source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace <<<< ACE retained from the source
1: user:ISILON\administrator allow inherited file_gen_read,std_write_dac,inherited_ace <<<< ACE retained from the source
2: user:ISILON\administrator allow inherited file_gen_all,inherited_ace <<<< inherited ACE from parent directory "target"
3: user:ISILON\targetuser allow inherited file_gen_all,inherited_ace <<<< inherited ACE from parent directory "target"
2. User administrator@isilon.com has full permissions EXCEPT "std_write_dac" permission on the "source" directory and "sourcefile" subfile:
# ls -led source
drwxrwxr-x + 2 root wheel 28 May 25 13:19 source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,dir_gen_execute
# ls -led source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 13:19 source/sourcefile
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\administrator allow file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
1: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace
2: user:ISILON\administrator allow inherited file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_dac,delete_child,inherited_ace
# ls -led target
drwxrwxr-x + 2 root wheel 0 May 25 13:58 target
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,dir_gen_execute
After moving directory "source" to directory "target" using AD user administrator@isilon.com by SMB:
# ls -led target/source
drwxrwxr-x + 2 root wheel 28 May 25 13:19 target/source <<<< user and group ownership are retained from source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit <<<< ACE retained from the source
1: user:ISILON\administrator allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,dir_gen_execute
# ls -led target/source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 13:19 target/source/sourcefile <<<< user and group ownership are retained from source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\administrator allow file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
1: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace
2: user:ISILON\administrator allow inherited file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_dac,delete_child,inherited_ace
Note: No inherited ACEs from the parent directory "target". (ex: user:ISILON\targetuser)
- User/group ownership: The copied directories and subfiles get the ownership of the user who performs the copy operation.
- Access Control Entries (ACEs):
- The ACEs from the source are not retained/Copied to the copied directories and subfiles.
- The ACEs with inheritance flag get inherited from the target parent directory to the copied directories and subfiles.
Move Operation (cut/paste): The permissions on the source directories/sub-files control the target permissions
- User/group ownership: The moved directories and subfiles retain the ownership as of the source.
- Access Control Entries (ACEs):
- The ACEs from the source are retained/copied to the moved directories and subfiles.
- The ACEs with inheritance flag on the parent target directory:
- If the performed user has "std_write_dac" permissions on the source directories and subfiles, the ACEs get inherited.
- If the performed user has full permissions EXCEPT "std_write_dac" permission on the source directory and subfiles, the ACEs will NOT get inherited due to potential security violation.
Copy Operation Example: Copying directory "source" with subfile "sourcefile" to directory "target"
- Source directory:
drwxrwx--- + 2 root wheel 28 May 25 11:29 source
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
2: user:root allow dir_gen_all
- Subfile in the source directory:
# ls -led source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 11:29 source/sourcefileOWNER: user:root
GROUP: group:wheel
0: user:ISILON\sourceuser allow file_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow file_gen_all,object_inherit,container_inherit
2: user:root allow file_gen_all
- Target parent directory:
drwxrwx--- + 3 ISILON\administrator ISILON\domain users 52 May 25 11:56 target
OWNER: user:ISILON\administrator
GROUP: group:ISILON\domain users
0: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
After copying directory "source" to directory "target" using AD user administrator@isilon.com by SMB:
# ls -led target/source
drwxrwx--- + 2 ISILON\administrator ISILON\domain users 28 May 25 11:56 target/source <<<< user/group ownership of the user who performed the copy operation
OWNER: user:ISILON\administrator
GROUP: group:ISILON\domain users
0: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit <<<< inherited ACE from parent directory "target"
1: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit <<<< inherited ACE from parent directory "target"
# ls -led target/source/sourcefile
-rwxrwx--- + 1 ISILON\administrator ISILON\domain users 0 May 25 11:29 target/source/sourcefile <<<< user/group ownership of the user who performed the copy operation
OWNER: user:ISILON\administrator
GROUP: group:ISILON\domain users
0: user:ISILON\targetuser allow file_gen_all <<<< inherited ACE from parent directory "target"
1: user:ISILON\administrator allow file_gen_all <<<< inherited ACE from parent directory "target"
Note: ACEs from the source are not retained/copied to the copied directory/files (ex: user:ISILON\sourceuser)
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Move Operation Example: Move directory "source" with subfile "sourcefile" to directory "target"
1. User administrator@isilon.com has at least "read and std_write_dac" permissions on the "source" directory and "sourcefile" subfile.
# ls -led source
drwxrwx--- + 2 root wheel 28 May 25 12:42 source
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_read,std_write_dac,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
# ls -led source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 12:42 source/sourcefile
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace
1: user:ISILON\administrator allow inherited file_gen_read,std_write_dac,inherited_ace
# ls -led target
drwxrwxr-x + 2 root wheel 0 May 25 12:49 target
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,dir_gen_execute
After moving directory "source" to directory "target" using AD user administrator@isilon.com by SMB:
# ls -led target/source
drwxrwx--- + 2 root wheel 28 May 25 12:42 target/source <<<< user and group ownership are retained from source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit <<<< ACE retained from the source
1: user:ISILON\administrator allow dir_gen_read,std_write_dac,object_inherit,container_inherit <<<< ACE retained from the source
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child <<<< ACE retained from the source
3: group:wheel allow dir_gen_read,dir_gen_execute <<<< ACE retained from the source
4: user:ISILON\administrator allow inherited dir_gen_all,object_inherit,container_inherit,inherited_ace <<<< inherited ACE from parent directory "target"
5: user:ISILON\targetuser allow inherited dir_gen_all,object_inherit,container_inherit,inherited_ace <<<< inherited ACE from parent directory "target"
# ls -led target/source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 12:42 target/source/sourcefile <<<< user and group ownership are retained from source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace <<<< ACE retained from the source
1: user:ISILON\administrator allow inherited file_gen_read,std_write_dac,inherited_ace <<<< ACE retained from the source
2: user:ISILON\administrator allow inherited file_gen_all,inherited_ace <<<< inherited ACE from parent directory "target"
3: user:ISILON\targetuser allow inherited file_gen_all,inherited_ace <<<< inherited ACE from parent directory "target"
2. User administrator@isilon.com has full permissions EXCEPT "std_write_dac" permission on the "source" directory and "sourcefile" subfile:
# ls -led source
drwxrwxr-x + 2 root wheel 28 May 25 13:19 source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,dir_gen_execute
# ls -led source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 13:19 source/sourcefile
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\administrator allow file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
1: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace
2: user:ISILON\administrator allow inherited file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_dac,delete_child,inherited_ace
# ls -led target
drwxrwxr-x + 2 root wheel 0 May 25 13:58 target
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,dir_gen_execute
After moving directory "source" to directory "target" using AD user administrator@isilon.com by SMB:
# ls -led target/source
drwxrwxr-x + 2 root wheel 28 May 25 13:19 target/source <<<< user and group ownership are retained from source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit <<<< ACE retained from the source
1: user:ISILON\administrator allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,dir_gen_execute
# ls -led target/source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 13:19 target/source/sourcefile <<<< user and group ownership are retained from source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\administrator allow file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
1: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace
2: user:ISILON\administrator allow inherited file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_dac,delete_child,inherited_ace
Note: No inherited ACEs from the parent directory "target". (ex: user:ISILON\targetuser)
Additional Information
- The user needs read/write permissions on the share level to copy or move folders or files.
- std_write_dac: The right to modify the DACL in the object's security descriptor.
- Permissions include std_write_dac right: file_gen_all, dir_gen_all, std_required, and modify.
Affected Products
PowerScale OneFSProducts
PowerScale OneFSArticle Properties
Article Number: 000021868
Article Type: How To
Last Modified: 03 Apr 2025
Version: 4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.