We have a filer that serves files in a qtree with both NFS and CIFS.
The file security style is currently Unix.
The qtree has about 7000 files using about 150G.
CIFS authentication is done via a Windows DC and we have a Unix passwd NIS map for converting the Windows users to Unix users.
There are over 100 folks using this share. Each one owns a directory (not a home directory -- just storage) and each one wants to be able to grant some of the 100 other users access to their folder. Plus they have an admin who needs to be able to manipulate access rights on everything.
Obviously Unix security style isn't going to cut it. So we want to switch the qtree to NTFS security style.
We switched a test qtree from Unix to NTFS style and discovered that no one (not even a Windows user with admin privs in the domain) has "modify" or "full control" rights on any file or folder that already exists. So it looks like we can't change the ACLs on anything that already exists. If a Windows user creates a new folder or file, then he has the ability to change the ACL.
Has anyone else switched a qtree from Unix to NTFS style? Is there anything we can do either before or after we switch the security style to make it possible to set ACLs on files that already exist?
I didn't try logging in to CIFS as a local filer user. Is that the secret?
I suppose we could create a new empty qtree with NTFS style and copy the files from the old qtree to the new one. But I would really like to avoid that if possible.
Steve Losen scl@virginia.edu phone: 434-924-0640
University of Virginia ITC Unix Support