Hi, I'm new here, so please accept my apologies if I do something wrong. I have a security style NTFS volume mounted and shared to a client. The client has a new host to manage that volume too. But he demands to manage through NFS protocol with Linux O.S. I change the security style do Mixed on the volume and on the actual mixed mounted share, I kept the Share Access Control to the users in production on the NTFS services. I changed the export policies to allow NFS protocols on the new host, adding IP Host on Client Rules, plus NFS Access Protocol and Rules of Read/Write as Any, just to start the configuration of this host. After the export policy, we can mount the volume and see it, but we can't open directory. It says Permission denied.
root@HOST:/mnt# mount -t nfs -o vers=3 10.10.10.10:/Client1 /mnt/share/ -vvv mount.nfs: timeout set for Wed Jan 13 20:22:57 2021 mount.nfs: trying text-based options 'vers=3,addr=10.10.10.12' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: trying 10.10.10.10 prog 100003 vers 3 prot TCP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying 10.10.10.10 prog 100005 vers 3 prot UDP port 635 root@HOST:/mnt# root@HOST:/mnt# ll /mnt/share/ ls: cannot open directory '/mnt/share/': Permission denied root@HOST:/mnt#
This is the Output of Security file-directory that I hve from the vserver:
netapp::> vserver security file-directory show -vserver svm_nas_iscsi -path /GoldenEnergy
Vserver: svm File Path: /Client1 File Inode Number: 64 Security Style: mixed Effective Style: ntfs DOS Attributes: 10 DOS Attributes in Text: ----D--- Expanded Dos Attributes: - UNIX User Id: 0 UNIX Group Id: 0 UNIX Mode Bits: 777 UNIX Mode Bits in Text: rwxrwxrwx ACLs: NTFS Security Descriptor Control:0x8004 Owner:BUILTIN\Administrators Group:BUILTIN\Administrators DACL - ACEs ALLOW-Everyone-0x1f01ff ALLOW-Everyone-0x10000000-OI|CI|IO
Can you help me on why we doesn't have permission to open directory after mounting the volume share ? Thank you in advance for your support, Best regards, Filipe
When the security style is mixed or unified, the effective permissions depend on the client type that last modified the permissions because users set the security style on an individual basis. For Mixed – (UNIX or NTFS permissions), depends on who last changed permissions.
If the last client was an SMB client, the permissions are Windows NTFS ACLs. Hence, when NFS clients are accessing the same resource, the storage node will need to collect windows credentials for the Unix user to determine if access can be granted. If the Windows credentials do not grant permissions on the file, access will be denied. Most likely your case.
There is plenty of stuff around this (mixed style security) on internet (google/netapp supprot site).
Thank you for the documents and links you sent it.
Has we have a mixed security style and a Path Share for NTFS. We made a workaround. We create a Qtree mount path with unix security style. Now we can open the directory on that new mount path </path/qtree path>. <path> - security style mixed
<qtree path> - security style unix
Thank you very much for your help ! Best regards, Filipe