Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Security style for new volume root with wafl.default_security_style == mixed
2010-04-24
10:35 PM
3,933 Views
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
While discussing another multiprotocol access issue I realized that I have never seen the answer to this. Let's suppose I set default security to mixed. Then newly created volume will get security style "mixed"; but which security will get root of this volume? It must have either Unix or ACL; how is one selected?
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
First off I will suggest against using mixed unless absolutely necessary. In most environments it's not a good thing.
That being said each file or directory will have either a set of UNIX permission bits or an Windows ACL. Any user (root included) will be mapped to the appropriate space according to the permissions on that file. This is why most people map root to a Windows Administrator account to make sure it works either way.
But I generally recommend choosing unix or ntfs for a security style if at all possible. Mixed mode is not required for multiprotocol access and picking one of the other two modes simplifies permission issues.
-- Adam Fox
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am sorry, but how does it answer my question?
Thank you for trying anyway
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, I'll give it another shot...
It looks like your talking about the root inode of a newly created mixed volume. While I'm not a WAFL engineer I would assume it starts with UNIX permissions, but I doubt in most cases it matters since it's changeable at the first access and most sites have root mapped to Administrator (since ONTAP does this by default). With that mapping if a Windows admin mapped to root makes a change on that inode, poof, it's an ACL.
-- Adam Fox