Subscribe

managing cifs security access

Hi,

I'm starting to migrate NTFS data from an old emc san to a netapp 3020.  Ive created a volume with ntfs security and created a share with full permissions (everyone).  If I then go to a windows machine and connect to the share to manage security, if I make additions to the security tab (like add my user account with full access), I get a warning stating "Remotely setting permissions on the folder at the root of the share removes all inherited permissions from the root folder and all subfolders.  to set permissions without removing inherited permissions, clikc No and either change the permissions on a child folder or make the change while logged in locally.  Do you want to continue?

I did a little looking and it seems to be the way that microsofts cifs client handles the share at a root level.

My question is... what is the recommended way to manage NTFS security on a netapp filer since there really is no windows "local" box that the share is connected to.

Cheers,

-Derek

Re: managing cifs security access

Derek -

You can log in to the filer using 'Computer Management' and administer localy to edit the share level permissions.

Control Panel - Administrative Tools - Computer Management

Rt click on 'Computer Management(Local)' and select 'Connect to another computer' from the menu.

You can administer the NetApp as you would any Windows file server ...

I hope this response has been helpful to you.

At your service,

Eugene Kashpureff
NetAppU Instructor and Independent Consultant
(P.S. I appreciate points for helpful or correct answers.)

Re: managing cifs security access

Hi Eugene,

I didn't get notified of this response, otherwise I would've replied earlier!

My account that I'm logged in as actually doesn't have access to get to the filer... which is fine.. I can fix that on my side.

I took a screenshot of a general share managed by computer management.

So are you saying that editing the security on that share through computer management as opposed to just through the cifs share will prevent that error from happening and it will essentially be treated as a local connection?

It looks like subfolder security will be able to be modified without issue.

If you can confirm this - which I believe you pretty much did in your previous post, that would be grand!

Cheers,

-Derek

Re: managing cifs security access

I was able to access my filer via mmc... was fumbling the server name wrong before.

however, I get the same error when trying to remove a user and apply the changes.  All the other permissions (netapp\administrator, and domain admins) are inherited permissions...  so I certainly don't want those removed because then I would have no permissions!

Any thoughts?

Cheers,

-Derek

Re: managing cifs security access

Derek -

There's a difference between share level permissions and permissions on the files/folders in the shares.

Only share level permissions are managed on the NetApp. Windows is used to manage the files and folders.

Share level permissions are managed by clicking on the share permissions tab, rather than the security tab.

Share permissions can also be managed on the CLI with 'cifs access', or through FilerView or using System Manager.

I hope this response has been helpful to you.

At your service,


Eugene E. Kashpureff

Fastlane NetApp Instructor and Independent Consultant
(P.S. I appreciate points for helpful or correct answers.)

Re: managing cifs security access

Hi Eugene,

I know that there's a difference between share level and security (file/folder level) permissions.

I've set the share permissions on the netapp through filerview.  What I want to do now is understand the proper way to manage the security permissions. 

I think computer management/mmc is the correct way and the behavior I'm getting is buggy microsoft code... at least that's what I'm going to stick by

Re: managing cifs security access

I also  have a problem with the distribution rights for NetApp protocol CIFS:  inheritance from the parent, prohibit reading of certain sub-folders and  all other transactions that may commit in Windows.

Re: managing cifs security access

Hi again,

I just wanted to complete the thread...  everything is working the way I expect now.  It's been a long time since I've dealt with netapp, and windows security permissions so I was a bit foggy on how everything worked.  Through computer management I can now successfully edit my filter security permissions without any issues.

Thanks for the help!

Re: managing cifs security access

one more quick thing.  What governs who can manage a filer via mmc?

I have a test filer that I didn't set up that I don't seem to have access to whereas the other filers I do.  What option grants access? 

Re: managing cifs security access

Members of the 'Administrators' group as defined in /etc/lclgroups.cfg can manage the filer.


I hope this response has been helpful to you.

At your service,


Eugene E. Kashpureff
ekashp@kashpureff.org
Fastlane NetApp Instructor and Independent Consultant
http://www.fastlaneus.com/ http://www.linkedin.com/in/eugenekashpureff

(P.S. I appreciate points for helpful or correct answers.)