PowerScale:Isilon:OneFS:如何处理 SMB 复制和移动文件和文件夹时的权限
摘要: 如何处理 SMB 复制和移动文件和文件夹时的权限
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
说明
复制或创建操作 (复制/粘贴):
Copy 操作示例:正在将包含子文件“sourcefile”的目录“source”复制到目录“target”
drwxrwx--- + 2 root wheel 28 May 25 11:29 source
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
2: user:root allow dir_gen_all
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\sourceuser allow file_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow file_gen_all,object_inherit,container_inherit
2: user:root allow file_gen_all
drwxrwx--- + 3 ISILON\administrator ISILON\domain users 52 May 25 11:56 target
OWNER: user:ISILON\administrator
GROUP: group:ISILON\domain users
0: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
After copying directory “source” to directory “target” using AD user SMB administrator@isilon.com :
# ls -led target/source
drwxrwx--- + 2 ISILON\administrator ISILON\domain users 28 May 25 11:56 target/source<<<< user/group ownership of the user who performing the copy operation OWNER: user:ISILON\administrator
GROUP: group:ISILON\domain users
0: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit <<<<
inherited ACE from parent directory “target”
1: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit <<<<inherited ACE from parent directory “target”
# ls -led target/source/sourcefile
-rwxrwx--- + 1 ISILON\administrator ISILON\domain users 0 May 25 11:29 target/source/sourcefile<<<< user/group ownership of the user who performed the copy operation
所有者:user:ISILON\administrator
GROUP: group:ISILON\domain users
0: user:ISILON\targetuser allow file_gen_all <<<< inherited ACE from parent directory “target” 1: user:ISILON\administrator allow file_gen_all <<<< inherited ACE from parent directory “target”Note:
来自源的 ACE 不会保留/复制到复制的目录/文件(例如:user:ISILON\sourceuser)
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
移动操作示例:将包含子文件“sourcefile”的目录“source”移动到目录“target”
1。用户 administrator@isilon.com 对“source”目录和“sourcefile”子文件至少具有“读取和std_write_dac”权限。
# ls -led source
drwxrwx--- + 2 root wheel 28 May 25 12:42 source
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_read,std_write_dac,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
# ls -led source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 12:42 source/sourcefile
OWNER: user:root
GROUP: group:wheel
control:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace
1: user:ISILON\administrator allow inherited file_gen_read,std_write_dac,inherited_ace
# ls -led target
drwxrwxr-x + 2 root wheel 0 May 25 12:49 target
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,dir_gen_execute 使用 SMB 的 AD 用户 administrator@isilon.com 将目录“源”移动到目录“目标”后:
# ls -led target/source
drwxrwx--- + 2 root wheel 28 May 25 12:42 target/source <<<< user and group ownership are retained from source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit ACE retained from the source 1: user:ISILON\administrator allow dir_gen_read,std_write_dac,object_inherit,container_inherit <<<< ACE retained from the source
<<<< 2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child ACE retained from the source 3: group:wheel allow dir_gen_read,dir_gen_execute<<<< ACE retained from the source 3: group:wheel allow , ACE retained from the source
<<<<
4: user:ISILON\administrator allow inherited dir_gen_all,object_inherit,container_inherit,inherited_ace inherited ACE from parent directory “target”
5: user:ISILON\targetuser allow inherited dir_gen_all,object_inherit,container_inherit,inherited_ace<<<< inherited ACE from parent directory “target” # ls -led target/source/sourcefile <<<<
-rwxrwx--- + 1 root wheel 0 May 25 12:42 target/source/sourcefile <<<<user and group ownership are retained from source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace <<<<从源
1 保留的 ACE: user:ISILON\administrator 允许从源 2 继承的 file_gen_read,std_write_dac,inherited_ace <<<< ACE: user:ISILON\administrator 允许从父目录“target”继承的 file_gen_all,inherited_ace 继承的 ACE
<<<<
3: user:ISILON\targetuser allow inherited file_gen_all,inherited_ace<<<< inherited ACE from parent directory “target”
2.用户 administrator@isilon.com 具有除对“source”目录和“sourcefile”子文件的“std_write_dac”权限以外的全部权限:
# ls -led source
drwxrwxr-x + 2 root wheel 28 May 25 13:19 source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,
dir_gen_execute # ls -led source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 13:19 source/sourcefile
OWNER: user:root
GROUP: group:wheel
control:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\administrator allow file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
1: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace
2: user:ISILON\administrator allow inherited file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_dac,delete_child,inherited_ace
# ls -led target
drwxrwxr-x + 2 root wheel 0 May 25 13:58 target
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,dir_gen_execute 使用 SMB 的 AD 用户 administrator@isilon.com 将目录“source”移动到目录“target”后:
# ls -led target/source
drwxrwxr-x + 2 root wheel 28 May 25 13:19 target/source <<<< user and group ownership are retained from source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit <<<<从源
保留的 ACE 1: user:ISILON\administrator allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: 每个人都允许dir_gen_read,dir_gen_execute
# ls -led target/source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 13:19 target/source/sourcefile <<<< user and group ownership are retained from source
OWNER: user:root
GROUP: group:
wheel control:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\administrator allow file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
1: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace
2: user:ISILON\administrator allow inherited file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_dac,delete_child,inherited_ace
注意: 没有从父目录“目标”继承的 ACE。(例如:user:ISILON\targetuser)
- 用户/组所有权:复制的目录和子文件将获得执行复制操作的用户的所有权。
- 访问控制条目 (ACE):
- 来自源的 ACE 不会保留/复制到复制的目录和子文件。
- 带有继承标志的 ACE 从目标父目录继承到复制的目录和子文件。
移动操作 (剪切/粘贴):源目录/子文件的权限控制目标权限
- 用户/组所有权:移动的目录和子文件保留源的所有权。
- 访问控制条目 (ACE):
- 来自源的 ACE 将保留/复制到移动的目录和子文件中。
- 父目标目录上具有继承标记的 ACE:
- 如果执行的用户对源目录和子文件具有“std_write_dac”权限,则会继承 ACE。
- 如果执行的用户对源目录和子文件具有除“std_write_dac”权限以外的全部权限,则由于潜在的安全违规,ACE 将不会 被继承。
Copy 操作示例:正在将包含子文件“sourcefile”的目录“source”复制到目录“target”
- Source directory:
drwxrwx--- + 2 root wheel 28 May 25 11:29 source
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
2: user:root allow dir_gen_all
- 源目录中的子文件:
# ls -led source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 11:29 source/sourcefileOWNER: user:root
GROUP: group:wheel
0: user:ISILON\sourceuser allow file_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow file_gen_all,object_inherit,container_inherit
2: user:root allow file_gen_all
- 目标父目录:
drwxrwx--- + 3 ISILON\administrator ISILON\domain users 52 May 25 11:56 target
OWNER: user:ISILON\administrator
GROUP: group:ISILON\domain users
0: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
After copying directory “source” to directory “target” using AD user SMB administrator@isilon.com :
# ls -led target/source
drwxrwx--- + 2 ISILON\administrator ISILON\domain users 28 May 25 11:56 target/source<<<< user/group ownership of the user who performing the copy operation OWNER: user:ISILON\administrator
GROUP: group:ISILON\domain users
0: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit <<<<
inherited ACE from parent directory “target”
1: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit <<<<inherited ACE from parent directory “target”
# ls -led target/source/sourcefile
-rwxrwx--- + 1 ISILON\administrator ISILON\domain users 0 May 25 11:29 target/source/sourcefile<<<< user/group ownership of the user who performed the copy operation
所有者:user:ISILON\administrator
GROUP: group:ISILON\domain users
0: user:ISILON\targetuser allow file_gen_all <<<< inherited ACE from parent directory “target” 1: user:ISILON\administrator allow file_gen_all <<<< inherited ACE from parent directory “target”Note:
来自源的 ACE 不会保留/复制到复制的目录/文件(例如:user:ISILON\sourceuser)
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
移动操作示例:将包含子文件“sourcefile”的目录“source”移动到目录“target”
1。用户 administrator@isilon.com 对“source”目录和“sourcefile”子文件至少具有“读取和std_write_dac”权限。
# ls -led source
drwxrwx--- + 2 root wheel 28 May 25 12:42 source
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_read,std_write_dac,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
# ls -led source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 12:42 source/sourcefile
OWNER: user:root
GROUP: group:wheel
control:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace
1: user:ISILON\administrator allow inherited file_gen_read,std_write_dac,inherited_ace
# ls -led target
drwxrwxr-x + 2 root wheel 0 May 25 12:49 target
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,dir_gen_execute 使用 SMB 的 AD 用户 administrator@isilon.com 将目录“源”移动到目录“目标”后:
# ls -led target/source
drwxrwx--- + 2 root wheel 28 May 25 12:42 target/source <<<< user and group ownership are retained from source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit ACE retained from the source 1: user:ISILON\administrator allow dir_gen_read,std_write_dac,object_inherit,container_inherit <<<< ACE retained from the source
<<<< 2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child ACE retained from the source 3: group:wheel allow dir_gen_read,dir_gen_execute<<<< ACE retained from the source 3: group:wheel allow , ACE retained from the source
<<<<
4: user:ISILON\administrator allow inherited dir_gen_all,object_inherit,container_inherit,inherited_ace inherited ACE from parent directory “target”
5: user:ISILON\targetuser allow inherited dir_gen_all,object_inherit,container_inherit,inherited_ace<<<< inherited ACE from parent directory “target” # ls -led target/source/sourcefile <<<<
-rwxrwx--- + 1 root wheel 0 May 25 12:42 target/source/sourcefile <<<<user and group ownership are retained from source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace <<<<从源
1 保留的 ACE: user:ISILON\administrator 允许从源 2 继承的 file_gen_read,std_write_dac,inherited_ace <<<< ACE: user:ISILON\administrator 允许从父目录“target”继承的 file_gen_all,inherited_ace 继承的 ACE
<<<<
3: user:ISILON\targetuser allow inherited file_gen_all,inherited_ace<<<< inherited ACE from parent directory “target”
2.用户 administrator@isilon.com 具有除对“source”目录和“sourcefile”子文件的“std_write_dac”权限以外的全部权限:
# ls -led source
drwxrwxr-x + 2 root wheel 28 May 25 13:19 source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\administrator allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,
dir_gen_execute # ls -led source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 13:19 source/sourcefile
OWNER: user:root
GROUP: group:wheel
control:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\administrator allow file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
1: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace
2: user:ISILON\administrator allow inherited file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_dac,delete_child,inherited_ace
# ls -led target
drwxrwxr-x + 2 root wheel 0 May 25 13:58 target
OWNER: user:root
GROUP: group:wheel
0: user:ISILON\administrator allow dir_gen_all,object_inherit,container_inherit
1: user:ISILON\targetuser allow dir_gen_all,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: everyone allow dir_gen_read,dir_gen_execute 使用 SMB 的 AD 用户 administrator@isilon.com 将目录“source”移动到目录“target”后:
# ls -led target/source
drwxrwxr-x + 2 root wheel 28 May 25 13:19 target/source <<<< user and group ownership are retained from source
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited
0: user:ISILON\sourceuser allow dir_gen_all,object_inherit,container_inherit <<<<从源
保留的 ACE 1: user:ISILON\administrator allow dir_gen_read,dir_gen_write,dir_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
2: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
3: group:wheel allow dir_gen_read,dir_gen_execute
4: 每个人都允许dir_gen_read,dir_gen_execute
# ls -led target/source/sourcefile
-rwxrwx--- + 1 root wheel 0 May 25 13:19 target/source/sourcefile <<<< user and group ownership are retained from source
OWNER: user:root
GROUP: group:
wheel control:dacl_auto_inherited,sacl_auto_inherited
0: user:ISILON\administrator allow file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_owner,delete_child,object_inherit,container_inherit
1: user:ISILON\sourceuser allow inherited file_gen_all,inherited_ace
2: user:ISILON\administrator allow inherited file_gen_read,file_gen_write,file_gen_execute,std_delete,std_write_dac,delete_child,inherited_ace
注意: 没有从父目录“目标”继承的 ACE。(例如:user:ISILON\targetuser)
其他信息
- 用户需要共享级别的读/写权限才能复制或移动文件夹或文件。
- std_write_dac:在对象的安全描述符中修改 DACL 的权限。
- 权限包括std_write_dac 权限:file_gen_all、dir_gen_all、std_required和修改。
受影响的产品
PowerScale OneFS产品
PowerScale OneFS文章属性
文章编号: 000021868
文章类型: How To
上次修改时间: 03 4月 2025
版本: 4
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。