
User doesn't have write permissions for Home Directory

tjohnston1
5,979 Views

I'm new to working with our NetApp.  I'm working on a project to migrate our File Server duties from Novell to our NetApp FAS2020.  I'm using a Windows Server 2003/2008 domain to replace other parts of the Novell server.

I've got some progress made on the Home drives for our users.  I've set up a CIFS home dir and created a few folders. I've been able to successfully access the home directory using the NTNaming convention: \\toaster\username.  It appears my test users are only able to write to their home directory if they're an admin that has permissions, or if I give "everyone" write permissions to the parent directory.  If I give "everyone" full access to the parent directory then the users could access each other's files.

How do I go about giving each user full access to their home directory without giving them access to everyone else's directories?

Along those same lines, is it possible to set permissions of sub directories independently of the parent?  I'd like to give everyone read access to a given share drive, but have a few select users with write permissions to specific sub directories that they provide content for.  With a Novell drive I'm able to change the rights of a specific file or folder, but I don't get that option when I right click on any of the NetApp directories.  Is there some way to give Domain Admins ability to change the permissions for a given share or directory by right clicking on that directory?

Thanks,

Tommy

3 REPLIES

adamfox

You want to use the cifs_homedir feature of ONTAP.  Then don't share out the other parts of the volume/qtree to the general user population (admins are ok).  By using this option, users will see a share with their username, but no one else's.

Here's the relevant section of the manual set to get you going.

http://now.netapp.com/NOW/knowledge/docs/ontap/rel7311/html/ontap/filesag/accessing/task/t_oc_accs_managing_home_directories.html

Hope this helps.

tjohnston1

I've been trying to follow that documentation unsuccessfully...

I'm following this documentation:

http://now.netapp.com/NOW/knowledge/docs/ontap/rel7311/html/ontap/filesag/accessing/task/t_oc_accs_creating_directories_in_a_home_directory_path.html#...

Step 4 says:

Make each user the owner of his or her home directory.

For example, make HQ\jsmith the owner of the /vol/vol1/homedir/HQ/jsmith home directory and UK\jsmith the owner of the /vol/vol1/homedir/UK/jsmith home directory.

The user with the name HQ\jsmith can attach to the jsmith share corresponding to the /vol/vol1/homedir/HQ/jsmith home directory. The user with the name UK\jsmith can attach to the jsmith share corresponding to the /vol/vol1/homedir/UK/jsmith home directory.

I'm a bit puzzled as to how one makes each user the owner of his or her home directory.  I've got my cifs_homedir.cfg set up with a path to my desired directory:  /vol/ontap_root/UserDocs.  I've created several user directories under this directory (i.e., /vol/ontap_root/UserDocs/<user name>).

I've been able to load the cifs_homedir.cfg at the command line, and I can run the command cifs homedir showuser <username> and it does return a path for the 3 users that I've created directories for.

It seems the only thing I'm missing is this Step 4 making each user the owner of the folder as my users have read access, but cannot create any new files in their own home directories.  Any help on how to perform this action in Step 4?

tjohnston1

I managed to get what I wanted done, which was to give the Users Full access to their own user directory without giving them full access to see other users' directories.

I had to create a directory for the user drives under another Shared Directory (in my case it was Home).  I created a share for the Home/UserDocs directory and gave everyone full access, and restricted the Home share to Admins only.  When I recreated the CIFS Home Dir path to this new Home/UserDocs path, it created a shortcut with the ntname style:  \\Toaster\<username> and each user had full access to read/write to their own drive.  Non-Admin users trying to browse the Home directory are getting the Permissions error, so they cannot see any other user's folder.

I'm not sure if this is the preferred way to accomplish this task, but it appears to work the way I'm looking for.  If anybody has any recommendations on other ways to get this done, please let me know.
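Added example, not part of the original thread or of NetApp's documentation: one way to carry out the "make each user the owner" step from a Windows admin host, so that isolation between home directories rests on per-folder ACLs rather than on share-level access alone. It assumes NTFS-style permissions are in effect on the path, each folder name matches the user's logon name, and icacls supports /inheritance (Windows Server 2008 or later); the UNC path and the EXAMPLE domain are placeholders.

```powershell
# Added example: set owner and a per-user ACL on each home directory.
# Assumed, not from the thread: $HomeRoot, $Domain, folder name == logon name.
param(
    [string]$HomeRoot = '\\toaster\Home\UserDocs',  # assumed admin-only UNC path
    [string]$Domain   = 'EXAMPLE',                  # placeholder domain name
    [switch]$Apply                                  # report only unless -Apply is given
)

function Test-Account([string]$Name) {
    # True when the account name resolves to a SID
    try {
        $acct = New-Object System.Security.Principal.NTAccount -ArgumentList $Name
        $null = $acct.Translate([System.Security.Principal.SecurityIdentifier])
        return $true
    } catch { return $false }
}

Get-ChildItem -Path $HomeRoot | Where-Object { $_.PSIsContainer } | ForEach-Object {
    $path = $_.FullName
    $user = "$Domain\$($_.Name)"

    if (-not (Test-Account $user)) {
        Write-Warning "No account $user; leaving $path untouched"
        return   # acts as 'continue' inside ForEach-Object
    }
    if (-not $Apply) {
        Write-Output "Would make $user owner of $path with full control"
        return
    }

    # Owner first, then replace the ACL: drop inherited entries and
    # grant full control only to the user and to Domain Admins.
    & icacls $path /setowner $user /Q
    if ($LASTEXITCODE -ne 0) { Write-Warning "setowner failed on $path"; return }

    & icacls $path /inheritance:r /grant:r "${user}:(OI)(CI)F" "$Domain\Domain Admins:(OI)(CI)F" /Q
    if ($LASTEXITCODE -ne 0) { Write-Warning "ACL update failed on $path"; return }

    # Report any broad grants that survive, so they can be reviewed by hand.
    (Get-Acl -Path $path).Access |
        Where-Object { $_.IdentityReference -match 'Everyone|Users$' } |
        ForEach-Object { Write-Warning "$path still grants $($_.IdentityReference)" }
}
```

Run it without -Apply first to see which folders would change, and run it from an account that already has admin access to the parent share.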
