2014-07-03 03:08 AM
we have a qtree with unix security style which holds also windows home directories (exported via CIFS)
while troubleshooting some not working software we have discovered that files on the user's home are yes owned by the user but with a "unixPermUID" prefix, which is somehow misinterpreted by some software.
Further investigations shown that the SID of the files in that homedirectory is not aligned with the real SID of the user but is something like S-1-5-21-2038298172-1297133386-1111-UID.
Ok, it's a unix qtree, but we were wondering if there is a way for CIFS to exports the real SID. I don't know, a sort of mapping ?
2014-07-03 03:50 AM
I do not think it is possible. There is no way to store Windows SID on qtree with unix security style. When you check file security attributes from Windows, filer fakes SIDs. User mapping between Windows and Unix exists only for the purposes of access control.
May be you could store home directory on ntfs qtree. You can access them from Unix using NFS as well.
2014-07-03 07:47 AM
That's a pity, I thought that at the CIFS level there could be something that "keeps" also SIDs, e.g. reading the SID field from the active directory. Is Netapp using a kind of customized samba?
we wanted linux and widnows PCs to share the same home folder and after some test we choose qtree_unix because under the linux side there were more issues to address with
2014-07-03 07:59 AM
It's impossible in general case - mapping is not one-to-one. It can also be one way only ...
Security tab on Unix qtree cannot be used to change permissions anyway. It is mostly to allow you to see original, unix, mode bits.
What problems did you have on Unix side? As long as user mapping is set up correctly, I'd actually expected it to be easier.
2014-07-11 01:02 AM
In case you are using (or planning to use) C-Mode, you may be interested in 8.2.2 changes:
Under certain circumstances, you might want to disable the presentation of UNIX permissions as
NTFS ACLs. If this functionality is disabled, Data ONTAP presents UNIX security-style volumes as
FAT volumes to SMB clients.
This may provide work around for your problem, because programs should not expect to find SID on FAT volume in the first place ... I wonder, for all I can tell Unix qtree was presented as FAT in 7-Mode forever ... ah, it is cifs.preserve_unix_security option. Which default to off according to documentation. Check how it is set - you may try to flip it.
2014-07-11 01:17 AM
Thanks for your replay, I will check it with our Netapp manager, in the meanwhile we are bothering finding tricks for those programs that check for SIDs.
to answer your previous qeustion: we have some scripts that run under a unix environment which seem not run perfectly if the filesystem is NTFS (i guess the problem was that we could not CHMOD correctly).