Mixed security style is a 15 year plus legacy that we did before we had full Windows domain integration. If your controllers are fully integrated into a domain service for both or can resolve users from UNIX and Windows you don't really need it... As Michael said, users gets confused as they and their apps change things, specifically for shared/group data. There are some use cases for file access apps where it doesn't matter, but I'd punt on one style or the other....
Many Thanks Anders Ljungberg Sr.Director ETO - Enterprise Transformation & Operations +14084821148
On 2 Nov 2015, at 10:07, Michael Bergman michael.bergman@ericsson.com wrote:
Justin Parisi wrote:
Keep in mind – using CIFS and NFS on the same shares doesn't mean you have to use mixed security style. In fact, I always recommend people pick NTFS or UNIX and stick with it. Mixed security style is a niche configuration and only needed if you have to change permissions from CIFS and NFS clients.
Indeed -- this is Very Good Advice(TM). Using "mixed security style" is a sure way to wreak havoc among the users, they will soon not understand at all why on earth they cannot access this or that file/dir. It's very very difficult to manage mixed style, and the end users absolutely cannot do it in any way at all. So at the very least it doesn't make sense on file trees where people, human beings, are involved in creating, accessing and changing the files there
For a use case where it's all more or less automatic in some application etc, yes maybe
N.B. You can have, and reasonably manage, Share Level ACLs on CIFS shares which are UNIX (NFS) style on File Level ACLs.
Tony Bar wrote:
[...] I qualify that with "regularly" because mixed-mode shares can get painful when you have a lot of files that flip back and forth between NTFS/NFS style permissions, but if the number of files in question is on the small side, it is a perfectly viable way to work.
I beg to differ here [small no of files doesn't really help!], but as always YMMV :-)
/M
Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters