Network and Storage Protocols

Security style for new volume root with wafl.default_security_style == mixed

aborzenkov
3,409 Views

While discussing another multiprotocol access issue I realized that I have never seen the answer to this. Let's suppose I set default security to mixed. Then newly created volume will get security style "mixed"; but which security will get root of this volume? It must have either Unix or ACL; how is one selected?

3 REPLIES 3

adamfox
3,408 Views

First off I will suggest against using mixed unless absolutely necessary. In most environments it's not a good thing.

That being said each file or directory will have either a set of UNIX permission bits or an Windows ACL. Any user (root included) will be mapped to the appropriate space according to the permissions on that file. This is why most people map root to a Windows Administrator account to make sure it works either way.

But I generally recommend choosing unix or ntfs for a security style if at all possible. Mixed mode is not required for multiprotocol access and picking one of the other two modes simplifies permission issues.

-- Adam Fox

aborzenkov
3,408 Views

I am sorry, but how does it answer my question?

Thank you for trying anyway

adamfox
3,408 Views

Ok, I'll give it another shot...

It looks like your talking about the root inode of a newly created mixed volume. While I'm not a WAFL engineer I would assume it starts with UNIX permissions, but I doubt in most cases it matters since it's changeable at the first access and most sites have root mapped to Administrator (since ONTAP does this by default). With that mapping if a Windows admin mapped to root makes a change on that inode, poof, it's an ACL.

-- Adam Fox

Public