https://community.netapp.com/t5/Network-and-Storage-Protocols/Security-style-for-new-volume-root-with-wafl-default-security-style-mixed/m-p/38188#M3512 <HTML><HEAD></HEAD><BODY><P>While discussing another multiprotocol access issue I realized that I have never seen the answer to this. Let's suppose I set default security to mixed. Then newly created volume will get security style "mixed"; but which security will get <STRONG>root</STRONG> of this volume? It must have either Unix or ACL; how is one selected?</P></BODY></HTML> Thu, 05 Jun 2025 07:15:05 GMT aborzenkov 2025-06-05T07:15:05Z https://community.netapp.com/t5/Network-and-Storage-Protocols/Security-style-for-new-volume-root-with-wafl-default-security-style-mixed/m-p/38188#M3512 <HTML><HEAD></HEAD><BODY><P>While discussing another multiprotocol access issue I realized that I have never seen the answer to this. Let's suppose I set default security to mixed. Then newly created volume will get security style "mixed"; but which security will get <STRONG>root</STRONG> of this volume? It must have either Unix or ACL; how is one selected?</P></BODY></HTML> Thu, 05 Jun 2025 07:15:05 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/Security-style-for-new-volume-root-with-wafl-default-security-style-mixed/m-p/38188#M3512 aborzenkov 2025-06-05T07:15:05Z https://community.netapp.com/t5/Network-and-Storage-Protocols/Security-style-for-new-volume-root-with-wafl-default-security-style-mixed/m-p/38193#M3515 <HTML><HEAD></HEAD><BODY><P>First off I will suggest against using mixed unless absolutely necessary. In most environments it's not a good thing.</P><P></P><P>That being said each file or directory will have either a set of UNIX permission bits or an Windows ACL. Any user (root included) will be mapped to the appropriate space according to the permissions on that file. This is why most people map root to a Windows Administrator account to make sure it works either way.</P><P></P><P>But I generally recommend choosing unix or ntfs for a security style if at all possible. Mixed mode is not required for multiprotocol access and picking one of the other two modes simplifies permission issues.</P><P></P><P>-- Adam Fox</P></BODY></HTML> Sun, 25 Apr 2010 07:48:40 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/Security-style-for-new-volume-root-with-wafl-default-security-style-mixed/m-p/38193#M3515 adamfox 2010-04-25T07:48:40Z https://community.netapp.com/t5/Network-and-Storage-Protocols/Security-style-for-new-volume-root-with-wafl-default-security-style-mixed/m-p/38196#M3517 <HTML><HEAD></HEAD><BODY><P>I am sorry, but how does it answer my question?</P><P></P><P>Thank you for trying anyway <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.netapp.com/4.0.6/images/emoticons/happy.gif"></SPAN></P></BODY></HTML> Sun, 25 Apr 2010 07:58:07 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/Security-style-for-new-volume-root-with-wafl-default-security-style-mixed/m-p/38196#M3517 aborzenkov 2010-04-25T07:58:07Z https://community.netapp.com/t5/Network-and-Storage-Protocols/Security-style-for-new-volume-root-with-wafl-default-security-style-mixed/m-p/38201#M3519 <HTML><HEAD></HEAD><BODY><P>Ok, I'll give it another shot... <SPAN __jive_emoticon_name="happy"></SPAN></P><P></P><P>It looks like your talking about the root inode of a newly created mixed volume. While I'm not a WAFL engineer I would assume it starts with UNIX permissions, but I doubt in most cases it matters since it's changeable at the first access and most sites have root mapped to Administrator (since ONTAP does this by default). With that mapping if a Windows admin mapped to root makes a change on that inode, poof, it's an ACL.</P><P></P><P>-- Adam Fox</P></BODY></HTML> Sun, 25 Apr 2010 15:28:40 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/Security-style-for-new-volume-root-with-wafl-default-security-style-mixed/m-p/38201#M3519 adamfox 2010-04-25T15:28:40Z