ONTAP Discussions

Mixed Security Style and Multiprotocol Access

ERKANAKSOY
4,799 Views

Hello,

I have a mixed mode security style qtree and I have shared it via CIFS and exported with NFS.

From a Windows client I can access, modify and create files. It's working OK.

From a RedHat 6 server I can access, modify files but not create. Export settings are looking to be true, NFS client IP has R/W access. When I try to create a file following happens :

 

[root@servername mixed]# touch x
touch: cannot touch `x': Permission denied

 

Any ideas whats going wrong here?

Thanks

 

DataONTAP 8.2 7-Mode

1 ACCEPTED SOLUTION

georgevj
4,792 Views

Most probably because you do not have "write" permissions on the parent directory of "x".

This happens even for root because the effective security style of the volume would be NTFS at this time.

You can check this with the command " fsecurity show /vol/mixedvol" (substitute the appropriate volume name here)

 

The solution is to put correct name mapping in place via /etc/usermap.cfg.

Setting the option "cifs.nfs_root_ignore_acl" to "on"  may help for root user's access to the files.

 

You may also review the option "cifs.preserve_unix_security" and see if it applies here.

Check with "man options" for more details.

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.

View solution in original post

1 REPLY 1

georgevj
4,793 Views

Most probably because you do not have "write" permissions on the parent directory of "x".

This happens even for root because the effective security style of the volume would be NTFS at this time.

You can check this with the command " fsecurity show /vol/mixedvol" (substitute the appropriate volume name here)

 

The solution is to put correct name mapping in place via /etc/usermap.cfg.

Setting the option "cifs.nfs_root_ignore_acl" to "on"  may help for root user's access to the files.

 

You may also review the option "cifs.preserve_unix_security" and see if it applies here.

Check with "man options" for more details.

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.
Public