ID-10t error. Even though I had closed all my windows to the share, the CIFS sessions did not terminate. Even though the WAFL credential's cache was updated, because the session never terminated, the group permissions never updated. Doh! Sorry for the wasted bandwidth.
Geoff
Geoff Hardin wrote:
Ok toasters, I've got a brain buster for you...
Here's the situation: I have a filer running ONTAP 6.1R1P1 (and no, I can't upgrade) with a qtree (/vol/vol0/cifs) set to UNIX style security. The qtree is owned by a user and a group. There is a directory, /vol/vol0/cifs/test, in this qtree owned by this same user and group, and the UNIX permissions are 2775 (drwxrwsr-x). From a UNIX system, I can create new files, delete files, edit files, and rename files, and the file permissions are correct (owned by me and the group that owns the directory).
Here's where it gets tricky. The qtree is shared via CIFS as \TOASTER\cifs. The share is set up with everyone / Full Control (because we control access via UNIX groups and users). I can see the directory, I can modify existing files, but I can not delete files, create new files, or rename files. The Windows clients are Windows 2000 and Windows NT 4.0.
My UNIX account and my Windows account are set up correctly in the usermap.cfg file. The local /etc/nis_group file is updated and correct. I am able to write to other shares on this filer, even to other directories in the share that have different UNIX permissions (i.e. 0755, 0775, or 0777).
What am I missing? Is this a bug, or just an ID-10t error?
Thanks,
Geoff
P.S. - I just checked my credentials using the `cifs sessions -s <username>` command and it came back with only two of my UNIX groups, specifically, not the group that owns the directory in question. I have turned on the `options nis.group_update.enable', and run `options nis.group_update_schedule now'. The local /etc/nis_group file is updated with the correct information, but even after removing myself from one of the additional groups, running `wcc -x`, and `options nis.group_update_schedule now', my credentials still show up with the same two groups (even though I am no longer part of one of them). Hmmm