Network and Storage Protocols

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Network and Storage Protocols

Ask a Question

SID on a qtree unix

ALESSIO_ISAJA
‎2014-07-03 03:08 AM
4,702 Views

Dear community,

we have a qtree with unix security style which holds also windows home directories (exported via CIFS)

while troubleshooting some not working software we have discovered that files on the user's home are yes owned by the user but with a "unixPermUID"  prefix, which is somehow misinterpreted by some software.

Further investigations shown that the SID of the files in that homedirectory is not aligned with the real SID of the user but is something like S-1-5-21-2038298172-1297133386-1111-UID.

Ok, it's a unix qtree, but we were wondering if there is a way for CIFS to exports the real SID. I don't know, a sort of mapping ?

thanks,

alessio

0 Kudos
View By:
5 REPLIES 5

aborzenkov
‎2014-07-03 03:50 AM
4,702 Views

I do not think it is possible. There is no way to store Windows SID on qtree with unix security style. When you check file security attributes from Windows, filer fakes SIDs. User mapping between Windows and Unix exists only for the purposes of access control.

May be you could store home directory on ntfs qtree. You can access them from Unix using NFS as well.

0 Kudos

ALESSIO_ISAJA
‎2014-07-03 07:47 AM
In response to aborzenkov
4,702 Views

That's a pity, I thought that at the CIFS level there could be something that "keeps" also SIDs, e.g. reading the SID field from the active directory. Is Netapp using a kind of customized samba?

we wanted  linux and widnows  PCs to share the same home folder and after some test we choose qtree_unix  because under the linux side there were more issues to address with

thanks,

alessio

0 Kudos

aborzenkov
‎2014-07-03 07:59 AM
In response to ALESSIO_ISAJA
4,702 Views

It's impossible in general case - mapping is not one-to-one. It can also be one way only ...

Security tab on Unix qtree cannot be used to change permissions anyway. It is mostly to allow you to see original, unix, mode bits.

What problems did you have on Unix side? As long as user mapping is set up correctly, I'd actually expected it to be easier.

0 Kudos

aborzenkov
‎2014-07-11 01:02 AM
4,702 Views

In case you are using (or planning to use) C-Mode, you may be interested in 8.2.2 changes:

Under certain circumstances, you might want to disable the presentation of UNIX permissions as
NTFS ACLs. If this functionality is disabled, Data ONTAP presents UNIX security-style volumes as
FAT volumes to SMB clients.

This may provide work around for your problem, because programs should not expect to find SID on FAT volume in the first place ... I wonder, for all I can tell Unix qtree was presented as FAT in 7-Mode forever ... ah, it is cifs.preserve_unix_security option. Which default to off according to documentation. Check how it is set - you may try to flip it.

ALESSIO_ISAJA
‎2014-07-11 01:17 AM
In response to aborzenkov
4,702 Views

Thanks for your replay, I will check it with our Netapp manager, in the meanwhile we are bothering finding tricks for those programs that check for SIDs.

to answer your previous qeustion: we have some scripts that run under a unix environment which seem not run perfectly if the filesystem is NTFS (i guess the problem was that we could not CHMOD correctly).

0 Kudos
All Community Forums
Public