2011-03-28 04:19 AM
I am trying to get my hardware guys to build for me some storage space that can be accessed from Unix and Windows but where I can apply Unix security and Windows Security.
So, I am after 50GB of space that from any Unix box, you have to be a member of a Unix group called "SalesTeamAutosys". That same piece of storage I would like to be accessed from Windows by 2 groups, "SalesUsersReadOnly" as read only and "SalesITReadWrite" as read write.
I am being told different answers. First of all, that you cannot have this set up and the users in the Windows groups will need to have Unix logins and the permissions be applied on a user by user basis. But when I talk to the Windows team, they indicate that I can apply Windows groups but the Unix team need to set up the netapp filer correctly.
a) Is it possible to have Windows and Unix groups going to the same NetApp filer space? If so, how (or is there a document)?
b) If it is not possible, what is the best method to get to the point where users from both OS's can see the storage (and users NOT in the groups have no visibility)?
Thanks in advance
2011-03-28 08:11 AM
This is possible, I do it in our environment often. There are two ways you can really do this:
1. Set up mixed qtree permission on the volume. This can get a bit messy with permissions and who last accessed / wrote to a file. If your NetApp box wasn't configured for this originally, you will need to run through the 'cifs setup' wizard and allow for mixed protocols. That being said, it will restart cifs and kick all user connections off for a second. Because of the awesomeness of the CIFS protocol, this will kill any file transfer(s).
2. Create your Windows share and mount it to your Unix system using Samba with a Windows user that has the right permissions. This is taking into account that this user has a UID and that LDAP has been set up. Newer versions of Unix / Linux do support DFS in case you need that. You will most likely need this to come up on boot so you can edit your /etc/fstab. Your Unix admins can also put a password file in the /etc folder to get the right credentials to mount the share. Whenever something gets written through the Linux box, it will use that user and give the files permissions that way.
Hope this helps.
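
The /etc/fstab mount with a credentials file described in option 2 of the reply above, as an added example that is not part of the original thread. It assumes a Linux client using mount.cifs; the filer name `filer01`, share `sales`, mount point `/mnt/sales` and credentials path `/etc/cifs-sales.cred` are hypothetical, and only the group name comes from the question.

```shell
#!/bin/sh
# Added example. filer01, sales, /mnt/sales and /etc/cifs-sales.cred are
# hypothetical placeholders; SalesTeamAutosys is the group from the question.

# The credentials file holds the mount user's password in clear text
# (mount.cifs format: username=..., password=..., domain=...).
# Return 0 only if it is a regular file (not a symlink) with no
# group/other permission bits set, e.g. mode 0600 or 0400.
cred_file_ok() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group+other bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Print an /etc/fstab line for the CIFS mount.
#  credentials=  keeps the password out of the world-readable fstab
#  gid= + file_mode=0660 / dir_mode=0770  present the tree to the Unix
#      group only; the Linux CIFS client applies these checks locally.
#      The filer still sees every access as the single mount user, so
#      that account's share/NTFS rights remain the real server-side control.
#  _netdev  delays the mount until networking is up at boot
fstab_line() {
    server=$1 share=$2 mnt=$3 cred=$4 group=$5
    printf '//%s/%s %s cifs credentials=%s,gid=%s,file_mode=0660,dir_mode=0770,_netdev 0 0\n' \
        "$server" "$share" "$mnt" "$cred" "$group"
}

# Show the line an admin would review before adding it to /etc/fstab.
fstab_line filer01 sales /mnt/sales /etc/cifs-sales.cred SalesTeamAutosys
```

Run `cred_file_ok` against the credentials file before enabling the mount; a non-zero exit means other local users may be able to read the mount account's password.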