<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic How to set permissions from NTFS-style qtree mounted via NFS in ONTAP Discussions</title>
    <link>https://community.netapp.com/t5/ONTAP-Discussions/How-to-set-permissions-from-NTFS-style-qtree-mounted-via-NFS/m-p/21634#M5089</link>
    <description>&lt;P&gt;In our recent transition from 7-mode to CDOT, we uncovered an issue that affected us in the past covered in &lt;A href="https://kb.netapp.com/support/index?page=content&amp;amp;actp=LIST&amp;amp;id=3011859" target="_blank"&gt;KB3011858&lt;/A&gt;.&amp;nbsp; Problem is, the KB doesn't note the workaround for CDOT.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I'll share the command and you can determine the level to apply it if I've described it correctly.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Two things to note first:&lt;/P&gt;&lt;OL&gt;&lt;LI&gt;The mount should be NFSv3 if mounted at the qtree level as qtree exports are available for NFSv3 exports only.&lt;/LI&gt;&lt;LI&gt;If you're accessing data under a qtree using NFSv4 mounted at the volume level, then this issue doesn't apply&lt;/LI&gt;&lt;/OL&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;The specific symptoms we saw were:&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;"operation no permitted" when trying to copy or move a file from local unix filesystem to NTFS qtree mounted NFS.&amp;nbsp; It would copy the filename and the file would be 0 bytes at the destination&lt;/LI&gt;&lt;LI&gt;editing a file on NTFS qtree mounted NFS resulted in "Found a swap file by the name xxxx.xxx....." and files .xxxx.xxx.swo and xxxx.xxx.swp were created as a result&lt;/LI&gt;&lt;/UL&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Appears there are two approaches in CDOT&lt;/P&gt;&lt;OL&gt;&lt;LI&gt;set 'ntfs-unix-security-ops' field to 'ignore' for the entire vserver (default is 'use_export_policy')&lt;BR /&gt;&lt;BR /&gt;vserver nfs modify -vserver &amp;lt;vserver&amp;gt; -ntfs-unix-security-ops ignore&lt;BR /&gt;&lt;BR /&gt;&lt;/LI&gt;&lt;LI&gt;Keep the vserver setting default and change the same field for a specific export-policy rule&lt;BR /&gt;&lt;BR /&gt;export-policy rule show -vserver &amp;lt;vserver&amp;gt; -policyname &amp;lt;policy&amp;gt; -ruleindex &amp;lt;index #&amp;gt; -ntfs-unix-security-ops ignore&lt;/LI&gt;&lt;/OL&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Description of this setting from &lt;A href="https://library.netapp.com/ecmdocs/ECMP1196817/html/vserver/export-policy/rule/modify.html" target="_blank"&gt;OnTap command reference&lt;/A&gt;.&amp;nbsp; Note that it must be set w/ privilege advanced:&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN class="option"&gt;[&lt;STRONG&gt;-ntfs-unix-security-ops&lt;/STRONG&gt; {ignore|fail}]&lt;/SPAN&gt; - NTFS Unix Security Options (privilege: &lt;STRONG&gt;advanced&lt;/STRONG&gt;)&lt;/P&gt;&lt;P&gt;This parameter specifies whether UNIX-type permissions changes on NTFS (Windows) volumes are prohibited (fail) or allowed (ignore) when the request originates from an NFS client. The default setting is &lt;SPAN class="userinput"&gt;fail&lt;/SPAN&gt;.&lt;/P&gt;</description>
    <pubDate>Thu, 15 Jun 2017 18:06:41 GMT</pubDate>
    <dc:creator>bsnyder27</dc:creator>
    <dc:date>2017-06-15T18:06:41Z</dc:date>
    <item>
      <title>How to set permissions from NTFS-style qtree mounted via NFS</title>
      <link>https://community.netapp.com/t5/ONTAP-Discussions/How-to-set-permissions-from-NTFS-style-qtree-mounted-via-NFS/m-p/21634#M5089</link>
      <description>&lt;P&gt;In our recent transition from 7-mode to CDOT, we uncovered an issue that affected us in the past covered in &lt;A href="https://kb.netapp.com/support/index?page=content&amp;amp;actp=LIST&amp;amp;id=3011859" target="_blank"&gt;KB3011858&lt;/A&gt;.&amp;nbsp; Problem is, the KB doesn't note the workaround for CDOT.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I'll share the command and you can determine the level to apply it if I've described it correctly.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Two things to note first:&lt;/P&gt;&lt;OL&gt;&lt;LI&gt;The mount should be NFSv3 if mounted at the qtree level as qtree exports are available for NFSv3 exports only.&lt;/LI&gt;&lt;LI&gt;If you're accessing data under a qtree using NFSv4 mounted at the volume level, then this issue doesn't apply&lt;/LI&gt;&lt;/OL&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;The specific symptoms we saw were:&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;"operation no permitted" when trying to copy or move a file from local unix filesystem to NTFS qtree mounted NFS.&amp;nbsp; It would copy the filename and the file would be 0 bytes at the destination&lt;/LI&gt;&lt;LI&gt;editing a file on NTFS qtree mounted NFS resulted in "Found a swap file by the name xxxx.xxx....." and files .xxxx.xxx.swo and xxxx.xxx.swp were created as a result&lt;/LI&gt;&lt;/UL&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Appears there are two approaches in CDOT&lt;/P&gt;&lt;OL&gt;&lt;LI&gt;set 'ntfs-unix-security-ops' field to 'ignore' for the entire vserver (default is 'use_export_policy')&lt;BR /&gt;&lt;BR /&gt;vserver nfs modify -vserver &amp;lt;vserver&amp;gt; -ntfs-unix-security-ops ignore&lt;BR /&gt;&lt;BR /&gt;&lt;/LI&gt;&lt;LI&gt;Keep the vserver setting default and change the same field for a specific export-policy rule&lt;BR /&gt;&lt;BR /&gt;export-policy rule show -vserver &amp;lt;vserver&amp;gt; -policyname &amp;lt;policy&amp;gt; -ruleindex &amp;lt;index #&amp;gt; -ntfs-unix-security-ops ignore&lt;/LI&gt;&lt;/OL&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Description of this setting from &lt;A href="https://library.netapp.com/ecmdocs/ECMP1196817/html/vserver/export-policy/rule/modify.html" target="_blank"&gt;OnTap command reference&lt;/A&gt;.&amp;nbsp; Note that it must be set w/ privilege advanced:&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN class="option"&gt;[&lt;STRONG&gt;-ntfs-unix-security-ops&lt;/STRONG&gt; {ignore|fail}]&lt;/SPAN&gt; - NTFS Unix Security Options (privilege: &lt;STRONG&gt;advanced&lt;/STRONG&gt;)&lt;/P&gt;&lt;P&gt;This parameter specifies whether UNIX-type permissions changes on NTFS (Windows) volumes are prohibited (fail) or allowed (ignore) when the request originates from an NFS client. The default setting is &lt;SPAN class="userinput"&gt;fail&lt;/SPAN&gt;.&lt;/P&gt;</description>
      <pubDate>Thu, 15 Jun 2017 18:06:41 GMT</pubDate>
      <guid>https://community.netapp.com/t5/ONTAP-Discussions/How-to-set-permissions-from-NTFS-style-qtree-mounted-via-NFS/m-p/21634#M5089</guid>
      <dc:creator>bsnyder27</dc:creator>
      <dc:date>2017-06-15T18:06:41Z</dc:date>
    </item>
    <item>
      <title>Re: How to set permissions from NTFS-style qtree mounted via NFS</title>
      <link>https://community.netapp.com/t5/ONTAP-Discussions/How-to-set-permissions-from-NTFS-style-qtree-mounted-via-NFS/m-p/21639#M5090</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;If you are accessing a NTFS security style volume from NFS, there is no way to modify permissions from NFS. Setting the ntfs-unix-security-ops to ignore simply bypasses the error; it does not allow you to change access.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;The reason setting this option to ignore allows NFSv3 to function on file copies is that it ignores the SETATTR attribute that takes place during the copy. &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;The only way to truly modify permissions on NTFS security style volumes is from a Windows client or via vserver security file-directory apply commands.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 22 Jul 2014 19:41:28 GMT</pubDate>
      <guid>https://community.netapp.com/t5/ONTAP-Discussions/How-to-set-permissions-from-NTFS-style-qtree-mounted-via-NFS/m-p/21639#M5090</guid>
      <dc:creator>parisi</dc:creator>
      <dc:date>2014-07-22T19:41:28Z</dc:date>
    </item>
    <item>
      <title>Re: How to set permissions from NTFS-style qtree mounted via NFS</title>
      <link>https://community.netapp.com/t5/ONTAP-Discussions/How-to-set-permissions-from-NTFS-style-qtree-mounted-via-NFS/m-p/21644#M5091</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Understood.&amp;nbsp; I just wanted to note the workaround for others who might experience the same pain as I did.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;The ignore actually works well for us.&amp;nbsp; Doing a file copy simply inherits the ACLs of the parent directory and the owner information is accurate based off of the user mapping of the user performing the copy.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Any disadvantage or other reason to not set this option for the entire vserver versus making exceptions as-needed in individual export policy rules?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 22 Jul 2014 19:58:18 GMT</pubDate>
      <guid>https://community.netapp.com/t5/ONTAP-Discussions/How-to-set-permissions-from-NTFS-style-qtree-mounted-via-NFS/m-p/21644#M5091</guid>
      <dc:creator>bsnyder27</dc:creator>
      <dc:date>2014-07-22T19:58:18Z</dc:date>
    </item>
    <item>
      <title>Re: How to set permissions from NTFS-style qtree mounted via NFS</title>
      <link>https://community.netapp.com/t5/ONTAP-Discussions/How-to-set-permissions-from-NTFS-style-qtree-mounted-via-NFS/m-p/21650#M5092</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;No real disadvantage I can think of, unless you want to ensure people know their attempt to modify permissions failed. Otherwise, it's a silent failure.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 22 Jul 2014 20:02:13 GMT</pubDate>
      <guid>https://community.netapp.com/t5/ONTAP-Discussions/How-to-set-permissions-from-NTFS-style-qtree-mounted-via-NFS/m-p/21650#M5092</guid>
      <dc:creator>parisi</dc:creator>
      <dc:date>2014-07-22T20:02:13Z</dc:date>
    </item>
    <item>
      <title>Re: How to set permissions from NTFS-style qtree mounted via NFS</title>
      <link>https://community.netapp.com/t5/ONTAP-Discussions/How-to-set-permissions-from-NTFS-style-qtree-mounted-via-NFS/m-p/122112#M26170</link>
      <description>&lt;P&gt;Thank you bsnyder, this saved me alot of work.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Mon, 08 Aug 2016 14:22:15 GMT</pubDate>
      <guid>https://community.netapp.com/t5/ONTAP-Discussions/How-to-set-permissions-from-NTFS-style-qtree-mounted-via-NFS/m-p/122112#M26170</guid>
      <dc:creator>BillFleury</dc:creator>
      <dc:date>2016-08-08T14:22:15Z</dc:date>
    </item>
  </channel>
</rss>

