Re: Difference between 7-mode and Ontap 9 in security-style=mixed

MASAYASUOKAZAKI · ‎2018-09-11

I am comparing the environment between the old 7-mode ontap and the new Ontap 9 to be migrated.

In this environment, CIFS is used on the volume created with security-style=mixed.

I mounted the volume from Windows and opened the top directory property of the volume from Explorer. (qtree is not used.)

Looking at the Property Security tab, in the Ontap 9 environment, it seems that a user called "root(UNIXPermUid\root)" and ""root(UNIXPermGid\root)"" is registered.

However, in 7-mode, such users are not displayed.

Even in the environment of Ontap 9, if security-style=ntfs, it seems that such users will not be displayed.

In 7-mode and Ontap 9, Do the volumes created in security-style=mixed behave differently?

Or, is there merely a difference on the display, does not it affect the operation?

GidonMarcus · ‎2018-09-11

Hi

in mixed mode (in both 7-mode and cdot) each object (folder or a file) will have both a unix and a windows ACL. with only one of them is effective(the one last created or ACL modified on). it's sounds like in your cdot environment the permission is not yet set via windows client and that's why you see the ACL mapping of the unix one - to a windows one.

you can see the effective ACL with "security show /vol/name" on the 7-mode and "vserver security file-directory show -vserver SVM -path /vol_name" on Cdot

You can go ahead and change it now, and it will take place.

i will also add that mixed mode can be very confusing, and there's very few good use cases to use it.

for access the same dataset from both linux and windows - it should not be used, a user mapping, or mounting via a single protocol (nfs or smb via any OS) is the right way.

Gidi

Gidi Marcus (Linkedin) - Storage and Microsoft technologies consultant - Hydro IT LTD - UK

Difference between 7-mode and Ontap 9 in security-style=mixed

Get ready to power on