tmacmd at gmail
May 9, 2008, 12:10 PM
Post #6 of 7
(339 views)
Permalink
|
|
Re: How well does Mixed mode qtrees work?
[In reply to]
|
|
I was under the impression, you could use mount_smbfs to mount a CIFS
share from a netapp and then
turn around and use the smb commands to manipulate the ACL's.
Never tried it, though in theory, it should work.
--tmac
On Fri, May 9, 2008 at 1:47 PM, Page, Jeremy <jeremy.page[at]gilbarco.com> wrote:
> A lot of good replies. The problem that I've been running into is that if
> someone access a file via Windows any Unix users have problems with chmod.
>
>
>
> I can't use Unix perms because there are places where I need more
> granularity then it permits. It looks like I'll just have to maintain a
> separate location for my NIS folks to use as their home directories and
> they'll just have to deal with the less comprehensive access control.
>
> ________________________________
>
> From: Leeds, Daniel [mailto:dleeds[at]edmunds.com]
> Sent: Friday, May 09, 2008 12:36 PM
> To: Kevin Parker; tmac; Page, Jeremy
> Cc: Toasters
> Subject: RE: How well does Mixed mode qtrees work?
>
>
>
>
>
> in this case, same user on windows and unix, would the following not be the
> best approach?
>
> set vol permissions style as ntfs, then create an /etc/usermap.cfg to map
> unix to windows user?
>
> we do this in a limited scenario for some applications so that the users can
> manipulate data from their windows workstations but the unix application
> server sees all those files and can access them as the correct uid/gid
>
> just a thought.
>
> --
> Daniel Leeds
> Manager, Storage Operations
> Edmunds, Inc.
> 1620 26th Street, Suite 400 South
> Santa Monica, CA 90404
>
> 310-309-4999 desk
> 310-430-0536 cell
>
>
>
> -----Original Message-----
> From: owner-toasters[at]mathworks.com on behalf of Kevin Parker
> Sent: Fri 5/9/2008 9:25 AM
> To: 'tmac'; 'Page, Jeremy'
> Cc: 'Toasters'
> Subject: RE: How well does Mixed mode qtrees work?
>
> What you are seeking to do, is do-able however...if you're seeking to
> fulfill a requirement that both NFS and CIFS clients have access...you can
> still do this with either NTFS or UNIX style security. Can be NTFS security
> for an NFS client, or UNIX security and gain access from CIFS client.
>
> Do a search on NOW for "multiprotocol access" or somesuch...should find tons
> of docs.
>
> Without mixed mode, clients will get the ACL that is there...if UNIX style
> security, CIFS clients can access resources as long as they're allowed
> according to the ACL. Similarly, NFS clients access NTFS style security
> resources. You just need to get your usermapping correctly...CIFS clients
> must map to a UNIX user and vice-versa - depending on which protocol you
> decide on.
>
> All mixed mode buys you is the ability to "set ACL's from either client",
> assuming they have rights to do so. Once you set the ACL in mixed mode, the
> ACL is either NTFS or UNIX and not "translated" to the client. The ACL will
> always be whatever the last client set it as, like tmac said.
>
> G'luck!
>
> Best regards,
> ~~~~~~~~~~~~~~~~
> Kevin Parker
> Mobile: 919.606.8737
> http://theparkerz.com
> ~~~~~~~~~~~~~~~~
>
> -----Original Message-----
> From: owner-toasters[at]mathworks.com [mailto:owner-toasters[at]mathworks.com] On
> Behalf Of tmac
> Sent: Friday, May 09, 2008 11:31 AM
> To: Page, Jeremy
> Cc: Toasters
> Subject: Re: How well does Mixed mode qtrees work?
>
> The big problem is still there...
>
> the last one to set permissions wins...
>
> i.e. CIFS ACL wipes NFS perms
> NFS perms wipes CIFS ACLs
>
> --tmac
>
> On Fri, May 9, 2008 at 10:45 AM, Page, Jeremy <jeremy.page[at]gilbarco.com>
> wrote:
>> I know that "back in the day" there where some good reasons not to use
>> mixed mode qtrees if at all possible. We've got folks accessing their
>> home directories via NFS and CIFS depending on which of their
>> workstations they are using so it would be very nice if I could use
>> mixed mode. Is it realistic to do this in a production environment? What
> are the drawbacks?
>>
>> This message (including any attachments) contains confidential and/or
>> proprietary information intended only for the addressee.
>> Any unauthorized disclosure, copying, distribution or reliance on the
>> contents of this information is strictly prohibited and may constitute
>> a violation of law. If you are not the intended recipient, please
>> notify the sender immediately by responding to this e-mail, and delete
>> the message from your system. If you have any questions about this
>> e-mail please notify the sender immediately.
>>
>
>
>
> --
> --tmac
>
> RedHat Certified Engineer #804006984323821 (RHEL4) RedHat Certified Engineer
> #805007643429572 (RHEL5)
>
> Principal Consultant
>
> This message (including any attachments) contains confidential
> and/or proprietary information intended only for the addressee.
> Any unauthorized disclosure, copying, distribution or reliance on
> the contents of this information is strictly prohibited and may
> constitute a violation of law. If you are not the intended
> recipient, please notify the sender immediately by responding to
> this e-mail, and delete the message from your system. If you
> have any questions about this e-mail please notify the sender
> immediately.
>
--
--tmac
RedHat Certified Engineer #804006984323821 (RHEL4)
RedHat Certified Engineer #805007643429572 (RHEL5)
Principal Consultant
|
attd5091.bmp
