Here is how I would do this (assuming that all the user IDs are the same between Windows and NIS):
1. Simply opt for an NTFS qtree since this is the granularity you need. This is also the most common even for mixed environments.
2. Allow usermap.cfg to equate the Windows/NIS usernames. The default settings should suffice if the names are the same.
Sometimes you have to play around with the suggestion here:
Unix group permissions on directory not enforced on CIFS users: http://now.netapp.com/Knowledgebase/solutionarea.asp?id=kb16326
Also see the 'Troubleshooter' here: http://now.netapp.com/NOW/knowledge/docs/olio/guides/ontap_troubleshooting
Good luck .............
Stetson M. Webster Onsite Professional Services Engineer PS - North Amer. - East
NetApp 919.250.0052 Mobile Stetson.Webster@netapp.com www.netapp.com http://www.netapp.com/
________________________________
From: Page, Jeremy [mailto:jeremy.page@gilbarco.com]
Sent: Friday, May 09, 2008 1:48 PM
To: Toasters
Subject: RE: How well does Mixed mode qtrees work?
A lot of good replies. The problem that I've been running into is that if someone accesses a file via Windows, any Unix users have problems with chmod.
I can't use Unix perms because there are places where I need more granularity than it permits. It looks like I'll just have to maintain a separate location for my NIS folks to use as their home directories and they'll just have to deal with the less comprehensive access control.
________________________________
From: Leeds, Daniel [mailto:dleeds@edmunds.com]
Sent: Friday, May 09, 2008 12:36 PM
To: Kevin Parker; tmac; Page, Jeremy
Cc: Toasters
Subject: RE: How well does Mixed mode qtrees work?
in this case, same user on windows and unix, would the following not be the best approach?
set vol permissions style as ntfs, then create an /etc/usermap.cfg to map unix to windows user?
we do this in a limited scenario for some applications so that the users can manipulate data from their windows workstations but the unix application server sees all those files and can access them as the correct uid/gid
just a thought.
-- Daniel Leeds Manager, Storage Operations Edmunds, Inc. 1620 26th Street, Suite 400 South Santa Monica, CA 90404
310-309-4999 desk 310-430-0536 cell
-----Original Message-----
From: owner-toasters@mathworks.com on behalf of Kevin Parker
Sent: Fri 5/9/2008 9:25 AM
To: 'tmac'; 'Page, Jeremy'
Cc: 'Toasters'
Subject: RE: How well does Mixed mode qtrees work?
What you are seeking to do, is do-able however...if you're seeking to fulfill a requirement that both NFS and CIFS clients have access...you can still do this with either NTFS or UNIX style security. Can be NTFS security for an NFS client, or UNIX security and gain access from CIFS client.
Do a search on NOW for "multiprotocol access" or somesuch...should find tons of docs.
Without mixed mode, clients will get the ACL that is there...if UNIX style security, CIFS clients can access resources as long as they're allowed according to the ACL. Similarly, NFS clients access NTFS style security resources. You just need to get your usermapping correct...CIFS clients must map to a UNIX user and vice-versa - depending on which protocol you decide on.
All mixed mode buys you is the ability to "set ACLs from either client", assuming they have rights to do so. Once you set the ACL in mixed mode, the ACL is either NTFS or UNIX and not "translated" to the client. The ACL will always be whatever the last client set it as, like tmac said.
G'luck!
Best regards, ~~~~~~~~~~~~~~~~ Kevin Parker Mobile: 919.606.8737 http://theparkerz.com ~~~~~~~~~~~~~~~~
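An added example, not part of the original thread or NetApp's own code: a simplified Python model of the usermap.cfg name mapping the replies above rely on, used to flag Windows accounts whose UNIX identity does not map back to them. It assumes a subset of the file syntax (no wildcards, IP qualifiers or quoted names), first-match-wins ordering, and a same-name fallback when no entry matches; the `EXAMPLE` domain and account names are constructed.

```python
import re

# Constructed sample in usermap.cfg syntax: "Windows-name direction UNIX-name".
# "=>" maps Windows to UNIX only, "<=" UNIX to Windows only, "==" both ways.
# EXAMPLE and the account names are placeholders.
SAMPLE = r'''
# home-directory users
EXAMPLE\asmith == alice
EXAMPLE\svc_build => build
EXAMPLE\Administrator <= root
'''

def parse(text):
    """Return (windows, direction, unix) tuples, skipping blanks and comments."""
    entries = []
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r'(\S+)\s+(=>|<=|==)\s+(\S+)', line)
        if not m:
            raise ValueError(f'unparsed usermap line: {line!r}')
        entries.append(m.groups())
    return entries

def to_unix(entries, win_name):
    """First matching entry wins; otherwise assume the same name, lowercased."""
    for win, direction, unix in entries:
        if direction in ('=>', '==') and win.lower() == win_name.lower():
            return unix
    return win_name.split('\\')[-1].lower()

def to_windows(entries, unix_name, domain='EXAMPLE'):
    """First matching entry wins; otherwise assume the same name in `domain`."""
    for win, direction, unix in entries:
        if direction in ('<=', '==') and unix == unix_name:
            return win
    return f'{domain}\\{unix_name}'

def one_way(entries, win_names):
    """Windows accounts whose mapped UNIX identity does not map back to them."""
    return [w for w in win_names
            if to_windows(entries, to_unix(entries, w)).lower() != w.lower()]

if __name__ == '__main__':
    users = [r'EXAMPLE\asmith', r'EXAMPLE\svc_build', r'EXAMPLE\dleeds']
    print(one_way(parse(SAMPLE), users))
```

An account flagged here reaches the filer as one identity over CIFS and resolves to a different one from NFS, so the permissions checked depend on the protocol used.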
-----Original Message-----
From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of tmac
Sent: Friday, May 09, 2008 11:31 AM
To: Page, Jeremy
Cc: Toasters
Subject: Re: How well does Mixed mode qtrees work?
The big problem is still there...
the last one to set permissions wins...
i.e.
CIFS ACL wipes NFS perms
NFS perms wipes CIFS ACLs
--tmac
On Fri, May 9, 2008 at 10:45 AM, Page, Jeremy jeremy.page@gilbarco.com wrote:
I know that "back in the day" there were some good reasons not to use mixed mode qtrees if at all possible. We've got folks accessing their home directories via NFS and CIFS depending on which of their workstations they are using so it would be very nice if I could use mixed mode. Is it realistic to do this in a production environment?
What are the drawbacks?
This message (including any attachments) contains confidential and/or proprietary information intended only for the addressee. Any unauthorized disclosure, copying, distribution or reliance on the contents of this information is strictly prohibited and may constitute a violation of law. If you are not the intended recipient, please notify the sender immediately by responding to this e-mail, and delete the message from your system. If you have any questions about this e-mail please notify the sender immediately.
-- --tmac
RedHat Certified Engineer #804006984323821 (RHEL4) RedHat Certified Engineer #805007643429572 (RHEL5)
Principal Consultant