PowerScale: Isilon: OneFS: How permissions are handled when you copy and move files and folders by SMB
摘要: How permissions are handled when you copy and move files and folders by SMB
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
说明
Copy or Create Operation (copy/paste):
Copy Operation Example: Copying directory "source" with subfile "sourcefile" to directory "target"
drwxrwx--- + 2 root wheel 28 May 25 11:29 source
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
2: user:root allow dir_gen_all
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\sourceuser allow file_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow file_gen_all,object_inherit,container_inherit
2: user:root allow file_gen_all
drwxrwx--- + 3 ISILON\administrator ISILON\domain users 52 May 25 11:56 target
OWNER: user:ISILON\administrator
GROUP: group:ISILON\domain users
0: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
After copying directory "source" to directory "target" using AD user administrator@isilon.com by SMB:
# ls -led target/source
drwxrwx--- + 2 ISILON\administrator ISILON\domain users 28 May 25 11:56 target/source <<<< user/group ownership of the user who performed the copy operation
OWNER: user:ISILON\administrator
GROUP: group:ISILON\domain users
0: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit <<<< inherited ACE from parent directory "target"
1: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit <<<< inherited ACE from parent directory "target"
# ls -led target/source/sourcefile
-rwxrwx--- + 1 ISILON\administrator ISILON\domain users 0 May 25 11:29 target/source/sourcefile <<<< user/group ownership of the user who performed the copy operation
OWNER: user:ISILON\administrator
GROUP: group:ISILON\domain users
0: user:ISILON\targetuser allow file_gen_all <<<< inherited ACE from parent directory "target"
1: user:ISILON\administrator allow file_gen_all <<<< inherited ACE from parent directory "target"
Note: ACEs from the source are not retained/copied to the copied directory/files (ex: user:ISILON\sourceuser)
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Move Operation Example: Move directory "source" with subfile "sourcefile" to directory "target"
1. User administrator@isilon.com has at least "read and std_write_dac" permissions on the "source" directory and "sourcefile" subfile.
# ls -led source
drwxrwx--- + 2 root wheel 28 May 25 12:42 source
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_read,std_write_dac,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
# ls -led source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 12:42 source/sourcefile
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace
1: user:ISILON\administrator allow inherited file_gen_read,std_write_dac,inherited_ace
# ls -led target
drwxrwxr-x + 2 root wheel 0 May 25 12:49 target
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,dir_gen_execute
After moving directory "source" to directory "target" using AD user administrator@isilon.com by SMB:
# ls -led target/source
drwxrwx--- + 2 root wheel 28 May 25 12:42 target/source <<<< user and group ownership are retained from source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit <<<< ACE retained from the source
1: user:ISILON\administrator allow dir_gen_read,std_write_dac,object_inherit,container_inherit <<<< ACE retained from the source
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child <<<< ACE retained from the source
3: group:wheel allow dir_gen_read,dir_gen_execute <<<< ACE retained from the source
4: user:ISILON\administrator allow inherited dir_gen_all,object_inherit,container_inherit,inherited_ace <<<< inherited ACE from parent directory "target"
5: user:ISILON\targetuser allow inherited dir_gen_all,object_inherit,container_inherit,inherited_ace <<<< inherited ACE from parent directory "target"
# ls -led target/source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 12:42 target/source/sourcefile <<<< user and group ownership are retained from source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace <<<< ACE retained from the source
1: user:ISILON\administrator allow inherited file_gen_read,std_write_dac,inherited_ace <<<< ACE retained from the source
2: user:ISILON\administrator allow inherited file_gen_all,inherited_ace <<<< inherited ACE from parent directory "target"
3: user:ISILON\targetuser allow inherited file_gen_all,inherited_ace <<<< inherited ACE from parent directory "target"
2. User administrator@isilon.com has full permissions EXCEPT "std_write_dac" permission on the "source" directory and "sourcefile" subfile:
# ls -led source
drwxrwxr-x + 2 root wheel 28 May 25 13:19 source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,dir_gen_execute
# ls -led source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 13:19 source/sourcefile
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\administrator allow file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
1: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace
2: user:ISILON\administrator allow inherited file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_dac,delete_child,inherited_ace
# ls -led target
drwxrwxr-x + 2 root wheel 0 May 25 13:58 target
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,dir_gen_execute
After moving directory "source" to directory "target" using AD user administrator@isilon.com by SMB:
# ls -led target/source
drwxrwxr-x + 2 root wheel 28 May 25 13:19 target/source <<<< user and group ownership are retained from source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit <<<< ACE retained from the source
1: user:ISILON\administrator allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,dir_gen_execute
# ls -led target/source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 13:19 target/source/sourcefile <<<< user and group ownership are retained from source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\administrator allow file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
1: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace
2: user:ISILON\administrator allow inherited file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_dac,delete_child,inherited_ace
Note: No inherited ACEs from the parent directory "target". (ex: user:ISILON\targetuser)
- User/group ownership: The copied directories and subfiles get the ownership of the user who performs the copy operation.
- Access Control Entries (ACEs):
- The ACEs from the source are not retained/Copied to the copied directories and subfiles.
- The ACEs with inheritance flag get inherited from the target parent directory to the copied directories and subfiles.
Move Operation (cut/paste): The permissions on the source directories/sub-files control the target permissions
- User/group ownership: The moved directories and subfiles retain the ownership as of the source.
- Access Control Entries (ACEs):
- The ACEs from the source are retained/copied to the moved directories and subfiles.
- The ACEs with inheritance flag on the parent target directory:
- If the performed user has "std_write_dac" permissions on the source directories and subfiles, the ACEs get inherited.
- If the performed user has full permissions EXCEPT "std_write_dac" permission on the source directory and subfiles, the ACEs will NOT get inherited due to potential security violation.
Copy Operation Example: Copying directory "source" with subfile "sourcefile" to directory "target"
- Source directory:
drwxrwx--- + 2 root wheel 28 May 25 11:29 source
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
2: user:root allow dir_gen_all
- Subfile in the source directory:
# ls -led source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 11:29 source/sourcefileOWNER: user:root
GROUP: group:wheel
0: user:ISILON\sourceuser allow file_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow file_gen_all,object_inherit,container_inherit
2: user:root allow file_gen_all
- Target parent directory:
drwxrwx--- + 3 ISILON\administrator ISILON\domain users 52 May 25 11:56 target
OWNER: user:ISILON\administrator
GROUP: group:ISILON\domain users
0: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
After copying directory "source" to directory "target" using AD user administrator@isilon.com by SMB:
# ls -led target/source
drwxrwx--- + 2 ISILON\administrator ISILON\domain users 28 May 25 11:56 target/source <<<< user/group ownership of the user who performed the copy operation
OWNER: user:ISILON\administrator
GROUP: group:ISILON\domain users
0: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit <<<< inherited ACE from parent directory "target"
1: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit <<<< inherited ACE from parent directory "target"
# ls -led target/source/sourcefile
-rwxrwx--- + 1 ISILON\administrator ISILON\domain users 0 May 25 11:29 target/source/sourcefile <<<< user/group ownership of the user who performed the copy operation
OWNER: user:ISILON\administrator
GROUP: group:ISILON\domain users
0: user:ISILON\targetuser allow file_gen_all <<<< inherited ACE from parent directory "target"
1: user:ISILON\administrator allow file_gen_all <<<< inherited ACE from parent directory "target"
Note: ACEs from the source are not retained/copied to the copied directory/files (ex: user:ISILON\sourceuser)
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Move Operation Example: Move directory "source" with subfile "sourcefile" to directory "target"
1. User administrator@isilon.com has at least "read and std_write_dac" permissions on the "source" directory and "sourcefile" subfile.
# ls -led source
drwxrwx--- + 2 root wheel 28 May 25 12:42 source
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_read,std_write_dac,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
# ls -led source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 12:42 source/sourcefile
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace
1: user:ISILON\administrator allow inherited file_gen_read,std_write_dac,inherited_ace
# ls -led target
drwxrwxr-x + 2 root wheel 0 May 25 12:49 target
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,dir_gen_execute
After moving directory "source" to directory "target" using AD user administrator@isilon.com by SMB:
# ls -led target/source
drwxrwx--- + 2 root wheel 28 May 25 12:42 target/source <<<< user and group ownership are retained from source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit <<<< ACE retained from the source
1: user:ISILON\administrator allow dir_gen_read,std_write_dac,object_inherit,container_inherit <<<< ACE retained from the source
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child <<<< ACE retained from the source
3: group:wheel allow dir_gen_read,dir_gen_execute <<<< ACE retained from the source
4: user:ISILON\administrator allow inherited dir_gen_all,object_inherit,container_inherit,inherited_ace <<<< inherited ACE from parent directory "target"
5: user:ISILON\targetuser allow inherited dir_gen_all,object_inherit,container_inherit,inherited_ace <<<< inherited ACE from parent directory "target"
# ls -led target/source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 12:42 target/source/sourcefile <<<< user and group ownership are retained from source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace <<<< ACE retained from the source
1: user:ISILON\administrator allow inherited file_gen_read,std_write_dac,inherited_ace <<<< ACE retained from the source
2: user:ISILON\administrator allow inherited file_gen_all,inherited_ace <<<< inherited ACE from parent directory "target"
3: user:ISILON\targetuser allow inherited file_gen_all,inherited_ace <<<< inherited ACE from parent directory "target"
2. User administrator@isilon.com has full permissions EXCEPT "std_write_dac" permission on the "source" directory and "sourcefile" subfile:
# ls -led source
drwxrwxr-x + 2 root wheel 28 May 25 13:19 source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,dir_gen_execute
# ls -led source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 13:19 source/sourcefile
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\administrator allow file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
1: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace
2: user:ISILON\administrator allow inherited file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_dac,delete_child,inherited_ace
# ls -led target
drwxrwxr-x + 2 root wheel 0 May 25 13:58 target
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,dir_gen_execute
After moving directory "source" to directory "target" using AD user administrator@isilon.com by SMB:
# ls -led target/source
drwxrwxr-x + 2 root wheel 28 May 25 13:19 target/source <<<< user and group ownership are retained from source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit <<<< ACE retained from the source
1: user:ISILON\administrator allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,dir_gen_execute
# ls -led target/source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 13:19 target/source/sourcefile <<<< user and group ownership are retained from source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\administrator allow file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
1: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace
2: user:ISILON\administrator allow inherited file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_dac,delete_child,inherited_ace
Note: No inherited ACEs from the parent directory "target". (ex: user:ISILON\targetuser)
其他信息
- The user needs read/write permissions on the share level to copy or move folders or files.
- std_write_dac: The right to modify the DACL in the object's security descriptor.
- Permissions include std_write_dac right: file_gen_all, dir_gen_all, std_required, and modify.
受影响的产品
PowerScale OneFS产品
PowerScale OneFS文章属性
文章编号: 000021868
文章类型: How To
上次修改时间: 03 4月 2025
版本: 4
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。