We are using share with forcegorup option:

 

Name         Mount Point                       Description

----         -----------                       -----------

pool        /vol/vol1/share                    common pool

             ... forcegroup=s_group

                        DOMAIN\Special_users / Full Control

 

Where “s_group” is Unix group. /vol/vol1/share itself has Unix security style.

 

You still have to make sure that Unix group “group” has required access to files; but you would need to ensure this anyway. And you can limit access to a share using NT group membership.

 

This is less administration as long as you do not need to track file ownership.

 

С уважением / With best regards / Mit freundlichen Grüβen

---
Andrey Borzenkov
Senior system engineer


From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Fox, Adam
Sent: Saturday, December 06, 2008 5:52 AM
To: oskar@sfu.ca; toasters@mathworks.com
Subject: Re: Unix <=> NTFS permissions question

 

You can't map groups, but if you can ensure that every Windows user belongs to a group that can read/write the files.  Each CIFS user will map to a UNIX user with UNIX groups.

If, by some chance the controller can't map to a UNIX user, you can set the option cifs.default_unix_user to the UNIX user who owns the files.  But this only works if the controller can't map to a UNIX user.

-- Adam Fox
------------------------
Typed with my thumbs on a very small keyboard.


----- Original Message -----
From: Oskar Pienkos <opienkos@sfu.ca>
To: toasters@mathworks.com <toasters@mathworks.com>
Sent: Fri Dec 05 17:36:06 2008
Subject: Unix <=> NTFS permissions question

Hello Toaster Experts!

We are currently mounting an NFS directory, e.g. /home/production from a filer to a Solaris 10 box.  Security is done by local passwd entries.  We need to export this directory via CIFS with read and write access to a group of windows developers ( a group in Active Directory.)  Is there a way to do this without converting the filer security from UNIX to NTFS? The shares is owned by a single unix UID but will be accessed by multiple AD users. Is there a way to translate AD groups into Unix groups since usermap.cfg seems to translate only user IDs.
We don't want to run mixed-mode security.

Thanks a lot.

Oskar