ONTAP Discussions

Mixed Security Style and Multiprotocol Access

ERKANAKSOY

Hello,

I have a mixed mode security style qtree and I have shared it via CIFS and exported with NFS.

From a Windows client I can access, modify and create files. It's working OK.

From a RedHat 6 server I can access, modify files but not create. Export settings are looking to be true, NFS client IP has R/W access. When I try to create a file following happens :

 

[root@servername mixed]# touch x
touch: cannot touch `x': Permission denied

 

Any ideas whats going wrong here?

Thanks

 

DataONTAP 8.2 7-Mode

1 ACCEPTED SOLUTION

georgevj

Most probably because you do not have "write" permissions on the parent directory of "x".

This happens even for root because the effective security style of the volume would be NTFS at this time.

You can check this with the command " fsecurity show /vol/mixedvol" (substitute the appropriate volume name here)

 

The solution is to put correct name mapping in place via /etc/usermap.cfg.

Setting the option "cifs.nfs_root_ignore_acl" to "on"  may help for root user's access to the files.

 

You may also review the option "cifs.preserve_unix_security" and see if it applies here.

Check with "man options" for more details.

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.

View solution in original post

1 REPLY 1

georgevj

Most probably because you do not have "write" permissions on the parent directory of "x".

This happens even for root because the effective security style of the volume would be NTFS at this time.

You can check this with the command " fsecurity show /vol/mixedvol" (substitute the appropriate volume name here)

 

The solution is to put correct name mapping in place via /etc/usermap.cfg.

Setting the option "cifs.nfs_root_ignore_acl" to "on"  may help for root user's access to the files.

 

You may also review the option "cifs.preserve_unix_security" and see if it applies here.

Check with "man options" for more details.

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.

View solution in original post

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public