Can mount nfs with read and write, but is not allowed change/save the same file in windows
2015-10-07 06:26 AM
I have a SVM with cDOT 8.3 and SVM (CIFS and NFS) is ok on the network The Linux server mount NFS volume and allow read and write permissions.
all files created in the linux server is seen in the windows server (share CIFS)
I can only read the same files that were created in linux, but if i create a new file it is allowed. I can´t change and write in the same file created in the linux server. I need change the file (created in the linux) and save in the windows CIFS share. It is possible?
Thank you for your help!
2 REPLIES 2
Re: Can mount nfs with read and write, but is not allowed change/save the same file in windows
2015-10-20 01:52 PM
When dealing with CIFS and NFS on the same volume/dataset, you have to keep in mind the following.
- Security style: this is the style of ACL of the filesystem object. If NTFS security, NFS clients will need to map a UNIX user to a Windows user to figure out permissions. If UNIX security, CIFS clients will need to map to a UNIX user to figure out UNIX permissions. If mixed, then the *effective* security style of the volume will determine how you authenticate.
- Permissions: NTFS security = NTFS ACLs. UNIX security = UNIX mode bits (ie 777) or NFSv4 ACLs. NFS clients don't understand NTFS ACLS. CIFS clients don't understand UNIX ACLs. That's why we map users; to figure out permissions. If using mixed security style, the effective security style will change based on the last change of permissions (ie chmod).
If you're able to authenticate and write to a volume, that means you have permissions. If you can't change the file (or ACLs) that means you need to figure out the following:
- Who the user accessing the file *really* is in terms of what the cluster sees
- What permissions/security style is on the volume/file
Some commands to get you started:
::> vserver security file-directory show -vserver [SVM] -path [/volname/file] (this shows you sec style, ACLs, etc)
::> set diag
::*> diag secd authentication show-creds -vserver [SVM] -node [nodename] -win-name [windowsname]
::*> diag secd authentication show-creds -vserver [SVM] -node [nodename] -unix-name [unixname]
Those commands will help you determine the "who" and the "what" of your issue.