ONTAP Discussions

fsecurity show UNIX Security

James_M
4,277 Views

We have an issue with volumes created on our NetApp and the ability to access them from Linux workstations

Background information
- NetApp Release 8.2.1  7 Mode

- NFS v3

 

Having created a new volume with associated share and export, we are mounting them to Ubuntu 14.04 using the umount command.  We have noticed that some of the more recently created volumes are mounted correctly, but it is not possible to access them from the mount point, it returns a message that you do not have sufficient permissions.

 

We have checked the following in he NetApp OnCommand System Manager.....

- The share access controls are everyone - Full control

- The client permissions for Export are set so the UNIX security has the clients All hosts with the permissions Allow Read Write

 

However, we are still not able to resolve the issue.  We have looked into the fsecurity on the SAN and noticed the following.......

 

     The volume James is accessible with read/write permissions from both a windows client and also a Unix workstation (when mounted), so as far as we are concerned, it is set up as we need it to be

 

SAN0D> fsecurity show /vol/James

[/vol/James - Directory (inum 64)]

  Security style: Mixed

  Effective style: Unix

 

  DOS attributes: 0x0030 (---AD---)

 

  Unix security:

    uid: 1000 (projname)

    gid: 1000

    mode: 0777 (rwxrwxrwx)

 

  No security descriptor available.

 

     The James2 volume can be mounted, but is not accessible from the Linux workstation

 

SAN0D> fsecurity show /vol/James2

[/vol/James2 - Directory (inum 64)]

  Security style: Mixed

  Effective style: Unix

 

  DOS attributes: 0x0010 (----D---)

 

  Unix security:

    uid: 0 (root)

    gid: 0

    mode: 0755 (rwxr-xr-x)

 

  No security descriptor available.

 

 

The difference we have noticed is in the Unix Security section with the uid, the gid and the mode.

 

Assuming that this the correct diagnosis of the issue, how do we go about making changes to these settings?

 

 

 

 

 

3 REPLIES 3

Naveenpusuluru
4,257 Views

Hi @James_M

 

NetApp suggested not to use mixed security style. You can keep ntfs or unix security style and make volume or qtree accessable by giving appropriate entries on usermap.cfs and password file.

 

rdfile /etc/usermap.cfg

 

rdfile /etc/passwd

 

Also please post the output of exportfs and rdfile /etc/exports.

JGPSHNTAP
4,254 Views

^^

 

Exactly, you need to pick one, NTFS or Unix.  If this isn't a mixed mount then straight unix security style.

 

If it's a multi-protocol share, NTFS, and then all the permissions are controlled via AD

aborzenkov
4,231 Views
What exactly "not accessible" means? Paste exact command and its output (error message) that demonstrates it.
Public