As explained in the security guide, access to files with NT security is based on the NT account, while access to files with UNIX security is based on the UNIX account. You can review
http://now.netapp.com/NOW/knowledge/docs/olio/guides/53_troubleshooting/inde... tml
to understand multi-protocol security. This is described in the "Concepts" section.
Mark
-----Original Message----- From: Michael van Elst [mailto:mlelstv@xlink.net] Sent: Thursday, June 01, 2000 4:07 AM To: Muhlestein, Mark Cc: mlelstv@xlink.net; toasters@mathworks.com Subject: Re: NT + Unix access rights
On Wed, May 31, 2000 at 04:54:56PM -0700, mark.muhlestein@netapp.com wrote:
I see your problem: WEBMAILER\Administrator is not a member of BUILTIN\Administrators on the filer. You should add
"WEBMAILER\Domain Admins" as
a member of BUILTIN\Administrators on the filer using User
Manager for Domains.
By default, only the "Domain Admins" group from the domain
the filer is
installed into is placed as a member of the filer's
BUILTIN\Administrators
group.
Would this give the WEBMAILER\Domain Admins full authority over the files that use the UNIX security model or just over those files that use the NT security model ?
After fixing this, you're going to want to do a "wcc -x" to
force a remapping.
Mark
-----Original Message----- From: Michael van Elst [mailto:mlelstv@xlink.net] Sent: Wednesday, May 31, 2000 4:20 PM To: Muhlestein, Mark Cc: mlelstv@xlink.net Subject: Re: NT + Unix access rights
On Wed, May 31, 2000 at 04:02:42PM -0700, mark.muhlestein@netapp.com wrote:
Hi,
This is a mixed qtree, right? Can you send the output of
"wcc -dvv" after
attempting to do the "chown"? The mapped user doing the
"chown" has to be a
member of builtin\administrators.
here is the relevant part:
root (UID 0) from 123.45.67.89 => WEBMAILER\Administrator *************** UNIX uid = 0
NT membership WEBMAILER\Administrator WEBMAILER\Domain Users WEBMAILER\Domain Admins User is also a member of Everyone, Network Users, Authenticated Users ***************Michael van Elst
Mark
-----Original Message----- From: Michael van Elst [mailto:mlelstv@xlink.net] Sent: Wednesday, May 31, 2000 2:56 PM To: Muhlestein, Mark Cc: mlelstv@xlink.net; toasters@mathworks.com Subject: Re: NT + Unix access rights
On Tue, May 30, 2000 at 01:34:03PM -0700, mark.muhlestein@netapp.com wrote:
> Apparently the file uses the NT security model in the
mixed qtree
> and the file owner has locked himself and others out.
If this is the case, you should be able to take
ownership from NT.
This was unsuccessful so far.
There was a bug with take ownership (#21325), which is fixed in 5.3.5R2.
I have to check with other people if upgrading the
current production
system to, what I was told is an early-access release, is
an option.
You should also be able to do a "chmod" or "chown" from NFS root and get
control of the file.
This is not possible. Both fail with the error "Not owner".
If that fails, you should do the rc_toggle_basic command
"lock_dump -f" and see if
your file is locked.
The files are not locked according to lock_dump -f.
-- i.A. Michael van Elst / phone: +49 721 9652 330 Xlink - Network Information Centre / fax: +49 721 9652 349 Emmy-Noether-Strasse 9 /\ link
D-76131 Karlsruhe, Germany /_______ email: hostmaster@xlink.net [ KPNQwest Germany GmbH, Sitz Karlsruhe ] [ Amtsgericht Karlsruhe HRB 8161, Geschaeftsfuehrer: Koen Bertoen ]
-- i.A. Michael van Elst / phone: +49
721 9652 330
Xlink - Network Information Centre / fax: +49
721 9652 349
Emmy-Noether-Strasse 9 /\ link
D-76131 Karlsruhe, Germany /_______ email:
hostmaster@xlink.net
[ KPNQwest Germany GmbH, Sitz Karlsruhe
][ Amtsgericht Karlsruhe HRB 8161, Geschaeftsfuehrer: Koen
Bertoen ]
i.A. Michael van Elst / phone: +49 721 9652 330 Xlink - Network Information Centre / fax: +49 721 9652 349 Emmy-Noether-Strasse 9 /\ link http://nic.xlink.net/ D-76131 Karlsruhe, Germany /_______ email: hostmaster@xlink.net [ KPNQwest Germany GmbH, Sitz Karlsruhe ] [ Amtsgericht Karlsruhe HRB 8161, Geschaeftsfuehrer: Koen Bertoen ]