We are using share with
forcegorup option:
Name
Mount Point Description
----
----------- -----------
pool
/vol/vol1/share common pool
...
forcegroup=s_group
DOMAIN\Special_users / Full Control
Where “s_group” is Unix
group. /vol/vol1/share itself has Unix security style.
You still have to make
sure that Unix group “group” has required access to files; but you would need
to ensure this anyway. And you can limit access to a share using NT group
membership.
This is less administration
as long as you do not need to track file ownership.
С уважением / With best regards / Mit freundlichen Grüβen
---
Andrey Borzenkov
Senior system engineer
From:
owner-
Sent: Saturday, December 06, 2008
5:52 AM
To: oskar@sfu.ca;
Subject: Re: Unix <=> NTFS
permissions question
You can't
map groups, but if you can ensure that every Windows user belongs to a group
that can read/write the files. Each CIFS user will map to a UNIX user
with UNIX groups.
If, by some chance the controller can't map to a UNIX user, you can set the
option cifs.default_unix_user to the UNIX user who owns the files. But
this only works if the controller can't map to a UNIX user.
-- Adam Fox
------------------------
Typed with my thumbs on a very small keyboard.
----- Original Message -----
From: Oskar Pienkos <opienkos@sfu.ca>
To:
Sent: Fri Dec 05 17:36:06 2008
Subject: Unix <=> NTFS permissions question
Hello Toaster Experts!
We are currently mounting an NFS directory, e.g. /home/production from a filer
to a Solaris 10 box. Security is done by local passwd entries. We
need to export this directory via CIFS with read and write access to a group of
windows developers ( a group in Active Directory.) Is there a way to do
this without converting the filer security from UNIX to NTFS? The shares is
owned by a single unix UID but will be accessed by multiple AD users. Is there
a way to translate AD groups into Unix groups since usermap.cfg seems to
translate only user IDs.
We don't want to run mixed-mode security.
Thanks a lot.
Oskar