Network and Storage Protocols

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Network and Storage Protocols

Ask a Question

Creator/Owner Permissions

storageadmins
‎2011-08-19 03:10 AM
6,139 Views

Hi everybody,

i have a question regarding the Creator/Owner permissions on a CIFS Share. We have several Shares on a FAS3140. Permissions on the share is everyone full control. On the Filesystem we have Full Control only for the Admistrator Group of the Filer and different read or change permissions to Domain Groups to the directory structure on the root level of the share. Permissions for subdirectories / files are inherited. Now we have the following problem. Per default the creator/owner of a file or directory has full control to it, that means if a user is creating a file or a directory he is able to modify the permissions of it, what we do not want. In Windows 2008 there is a new security principal called "OWNER RIGHTS" where this problem can be adressed (the process is described here: http://www.techrepublic.com/blog/networking/control-owner-access-rights-in-windows-server-2008/1379) .

My question is, is this also possible with a netapp filer ? Somebody solved that problem somehow and could guide me in the right direction ?

Thx and Best Regards

Wolfgang

0 Kudos
View By:
4 REPLIES 4

aborzenkov
‎2011-08-19 05:15 AM
6,139 Views

Good question. Have you tested whether setting of this ACE has any effect?

0 Kudos

rmharwood
‎2011-08-19 07:12 AM
6,139 Views

I could be wrong and I haven't done this very often, but I think all you need to do is to use the "CREATOR OWNER" principal and don't assign "change permissions" rights. I know this is supported by NetApp's CIFS implementation. You should test this to make sure it's doing what you want.

HTH,

Richard

Message was edited by: Richard Harwood Don't confuse principal and principle!

0 Kudos

storageadmins
‎2011-08-19 08:46 AM
In response to rmharwood
6,139 Views

Hi everybody,

thanks for the answers. I will definetely try out the CREATOR OWNER permission. I was not aware that this is possible in the netapp cifs implementation.

0 Kudos

storageadmins
‎2011-08-22 02:22 AM
In response to storageadmins
6,139 Views

So,

i tested a few things. Permissions on the CREATOR OWNER principal you can only set inside FilerView on the Share. If i try that with the explorer i get an Object not found error. If i set permissions on the share for everyone to full control and CREATOR OWNER to change, then there is no effect at all. Users can acces the share as before and the creators of files/directories are able to change permissions. If i set the permissions on the share for everyone to change, then the creators of files / directories are not able to change permissions anymore, this applies to old and to new files / directories. So i guess this is the way to go for me.

Regards

Wolfgang

0 Kudos
All Community Forums
Public