Hi all.. I asked this a few weeks ago:
If a qtree is using NTFS style permissions, and that same qtree is exported via NFS to a unix client... Is there a way to see the NTFS ACLs from that unix client? The usual "ls -l" just shows what looks like mode 777.
I got some good responses, but I'm not seeing what I want to see.
Qtree on filer is security style NTFS. Qtree is exported to linux box via export file on filer:
/vol/secgroup_group -sec=sys,rw=mfanfs,root=x.x.x.x,nosuid
Qtree is mounted on linux box:
mount -o vers=4,acl secgroup:/vol/secgroup_group /secgroup
grep secgroup /proc/mounts
secgroup:/vol/secgroup_group/ /secgroup nfs4 rw,relatime,vers=4,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=x.x.x.x,minorversion=0,local_lock=none,addr=x.x.x.x 0 0
NFS option on filer:
options nfs.ntacl
nfs.ntacl_display_permissive_perms on
From a windows box, using the CIFS share to that qtree, I can right click
on a file, select security, and then see/set the usual NTFS style ACLs.
When I use getfacl from the unix box, I still only see the unix style (User,Group,Other) permissions.
What I'm hoping to see is the Windows style ACLs that are on the files.
I can see them from the filer:
secgroup@testfs1> fsecurity show /vol/secgroup_group/ccc/pit
[/vol/secgroup_group/ccc/pit - File (inum 28476)]
  Security style: NTFS
  Effective style: NTFS
  DOS attributes: 0x0020 (---A----)
  Unix security:
    uid: xxxx(username)
    gid: 101 (groupname)
    mode: 0777 (rwxrwxrwx)
  NTFS security descriptor:
    Owner: DOMAIN\username
    Group: DOMAIN\Domain Users
    DACL:
      Allow - DOMAIN\budget - 0x001f01ff (Full Control)
      Allow - Everyone - 0x001200a9 (Read and Execute) - (Inherited)
      Allow - DOMAIN\username - 0x001f01ff (Full Control) - (Inherited)
      Allow - DOMAIN\group - 0x001f01ff (Full Control) - (Inherited)
I am hoping to be able to see the above output, from the linux client. I'm looking for a way for users on linux clients to see the windows ACLs that are on this NTFS qtree.
Any suggestions?
Thanks.
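
Added example, not part of the original post: a small parser for the DACL lines of the fsecurity output quoted above. It expands each access mask into the individual Windows access rights, so filer-side output saved to a file can be reviewed on a host where the NFS mount only shows mode 0777. The function names are hypothetical, the right names are the standard winnt.h constants, and the sample input is copied from the post.

```python
import re

# Standard Windows file access-right bits (values from winnt.h).
RIGHTS = {
    0x000001: "FILE_READ_DATA",       0x000002: "FILE_WRITE_DATA",
    0x000004: "FILE_APPEND_DATA",     0x000008: "FILE_READ_EA",
    0x000010: "FILE_WRITE_EA",        0x000020: "FILE_EXECUTE",
    0x000040: "FILE_DELETE_CHILD",    0x000080: "FILE_READ_ATTRIBUTES",
    0x000100: "FILE_WRITE_ATTRIBUTES", 0x010000: "DELETE",
    0x020000: "READ_CONTROL",         0x040000: "WRITE_DAC",
    0x080000: "WRITE_OWNER",          0x100000: "SYNCHRONIZE",
}
# Rights that change data, delete the file, or rewrite its ACL or owner.
MODIFY_BITS = 0x000002 | 0x000004 | 0x010000 | 0x040000 | 0x080000

# One ACE in the layout shown in the post's fsecurity output.
ACE_RE = re.compile(r"(Allow|Deny) - (.+?) - (0x[0-9a-fA-F]{8}) \(([^)]*)\)"
                    r"( - \(Inherited\))?")

# Sample input: the DACL lines quoted in the post (placeholder names as posted).
SAMPLE = r"""
DACL:
  Allow - DOMAIN\budget - 0x001f01ff (Full Control)
  Allow - Everyone - 0x001200a9 (Read and Execute) - (Inherited)
  Allow - DOMAIN\username - 0x001f01ff (Full Control) - (Inherited)
  Allow - DOMAIN\group - 0x001f01ff (Full Control) - (Inherited)
"""

def decode_mask(mask):
    """Return the names of the rights set in mask; unknown bits are kept as hex."""
    names = [name for bit, name in sorted(RIGHTS.items()) if mask & bit]
    leftover = mask & ~sum(RIGHTS)
    return names + (["UNKNOWN_0x%08x" % leftover] if leftover else [])

def parse_dacl(text):
    """Parse every ACE found in text, one per line or run together on one line."""
    aces = []
    for kind, trustee, mask, label, inherited in ACE_RE.findall(text):
        value = int(mask, 16)
        aces.append({"type": kind, "trustee": trustee, "mask": value,
                     "label": label, "inherited": bool(inherited),
                     "rights": decode_mask(value),
                     "can_modify": kind == "Allow" and bool(value & MODIFY_BITS)})
    return aces

if __name__ == "__main__":
    for ace in parse_dacl(SAMPLE):
        print(ace["trustee"], "modify" if ace["can_modify"] else "read-only",
              ", ".join(ace["rights"]))
```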