I don't think that's it, because I'm just using the default policy and it's wide open. The root vol and the data310 vol both use the default policy, and it's setup like this:
export-policy rule show -vserver flsm-fs01 -policyname default -fields rw,ro,clientmatch,protocol
(vserver export-policy rule show) vserver policyname ruleindex protocol clientmatch rorule rwrule --------- ---------- --------- -------- ----------- ------ ------ flsm-fs01 default 1 cifs,nfs 0.0.0.0/0 any any
which looks good to me. And I can browse via CIFS, go up and down levels. Just can't create anything.
tmac> check your "export-policy" for all junctions involved..../ and /data310 tmac> vol show -fields policy
tmac> then look at the rules. tmac> export-policy rule show -policy <policy name>
tmac> Make sure your host access from has at least read access to / tmac> and the host has write access to /data310.
tmac> --tmac
tmac> Tim McCarthy, Principal Consultant
tmac> On Fri, Apr 1, 2016 at 11:54 AM, John Stoffel john@stoffel.org wrote:
tmac> Guys, tmac> I'm banging my head on the wall trying to setup an NFS filesystem on a tmac> cDOT 8.2 VServer to also be shared using CIFS. I can see the volume tmac> and look at it from Windows, but I can't create any files or tmac> directories.
tmac> Just to make sure I'm not smoking anything, here's what I did:
tmac> > vol create -vserver flsm-fs01 -vol data310 -size 1t -junction-path /data310 -aggr sas1n2
tmac> > vol modify -vserver flsm-fs01 -vol data310 -unix-permissions 777
tmac> And here's now it looks now:
tmac> flsm-ntap1::> vol show tmac> (volume show) tmac> Vserver Volume Aggregate State tmac> Type Size Available Used% tmac> --------- ------------ ------------ ---------- tmac> ---- ---------- ---------- ----- tmac> flsm-fs01 data310 sas1n2 online tmac> RW 5TB 4.75TB 5%
tmac> And I can see it just fine with NFS, etc. My unix username is tmac> 'stoffj' and my windows username is 'TAEC_IRV1\stoffj' so it should tmac> just map cleanly over using the defaults.
tmac> > cifs show tmac> tmac> Server Status Domain/Workgroup Authentication tmac> Vserver Name tmac> Admin Name Style tmac> ----------- tmac> --------------- --------- ---------------- -------------- tmac> flsm-fs01 FLSM-FS01 tmac> up TAEC_IRV1 domain
tmac> > cifs share show tmac> Vserver Share Path Properties tmac> Comment ACL tmac> -------------- ------------- ----------------- ---------- tmac> -------- ----------- tmac> flsm-fs01 data310 /data310 oplocks - tmac> Everyone / Full Control tmac> tmac> tmac> tmac> tmac> tmac> browsable tmac> tmac> changenotify
tmac> I even setup and looked at the "security trace" stuff to try and tmac> figure it out. And it complains that my UNIX security is messed up. tmac> I've tried to cut'n'paste this info, but all the tabs keep expanding tmac> in wierd ways and cause all kinds of havoc here.
tmac> Here's an example error:
tmac> n2 1 User: TAEC_IRV1\stoffj Access is denied by UNIX tmac> permissions while creating tmac> tmac> tmac> tmac> tmac> the directory. tmac> tmac> Security tmac> Style: UNIX tmac> tmac> permissions tmac> tmac> Path: /john/ tmac> dir2/New tmac> tmac> folder
tmac> Now the interesting thing is that the path shown looks to be at the tmac> level UNDER the CIFS share. But it should be ok, right? Here's my tmac> permission settings:
tmac> flsm-ntap1::> file-directory show -vserver flsm-fs01 -path / tmac> data310/john/dir2 tmac> (vserver security file-directory show)
tmac> tmac> Vserver: flsm-fs01 tmac> tmac> File Path: /data310/john/dir2 tmac> tmac> Security Style: unix tmac> tmac> Effective Style: unix tmac> tmac> DOS Attributes: 10 tmac> DOS Attributes in Text: ----D--- tmac> Expanded Dos Attributes: - tmac> tmac> Unix User Id: 61255 tmac> tmac> Unix Group Id: 4901 tmac> tmac> Unix Mode Bits: 2775 tmac> Unix Mode Bits in Text: rwxrwsr-x tmac> tmac> tmac> ACLs: -
tmac> The mode bits are what we want, so that directories and files inherit tmac> their group ownership properly. I haven't setup any local users or tmac> groups, nor have I done any mappings, since it supposedly will do that tmac> for me.
tmac> On the Unix side we're using NIS to authenticate, and that seems to be tmac> working just fine.
tmac> Any hints?
tmac> John tmac> _______________________________________________ tmac> Toasters mailing list tmac> Toasters@teaparty.net tmac> http://www.teaparty.net/mailman/listinfo/toasters