The owner on both is the same, and there are about 5-6 groups that have permissions on both sides as well. And yet the 7-mode side returns 0700 for these. Quite odd.
From: "andrei.borzenkov@ts.fujitsu.com" andrei.borzenkov@ts.fujitsu.com To: Fred Grieco fredgrieco@yahoo.com; Toasters toasters@teaparty.net Sent: Sunday, July 17, 2016 3:04 PM Subject: RE: displayed unix permissions on ntfs qtree
#yiv6741386553 #yiv6741386553 -- _filtered #yiv6741386553 {font-family:Helvetica;panose-1:2 11 6 4 2 2 2 2 2 4;} _filtered #yiv6741386553 {font-family:Helvetica;panose-1:2 11 6 4 2 2 2 2 2 4;} _filtered #yiv6741386553 {font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;} _filtered #yiv6741386553 {font-family:Tahoma;panose-1:2 11 6 4 3 5 4 4 2 4;} _filtered #yiv6741386553 {panose-1:2 11 4 4 6 2 2 2 2 4;}#yiv6741386553 #yiv6741386553 p.yiv6741386553MsoNormal, #yiv6741386553 li.yiv6741386553MsoNormal, #yiv6741386553 div.yiv6741386553MsoNormal {margin:0cm;margin-bottom:.0001pt;font-size:12.0pt;}#yiv6741386553 a:link, #yiv6741386553 span.yiv6741386553MsoHyperlink {color:blue;text-decoration:underline;}#yiv6741386553 a:visited, #yiv6741386553 span.yiv6741386553MsoHyperlinkFollowed {color:purple;text-decoration:underline;}#yiv6741386553 p.yiv6741386553MsoAcetate, #yiv6741386553 li.yiv6741386553MsoAcetate, #yiv6741386553 div.yiv6741386553MsoAcetate {margin:0cm;margin-bottom:.0001pt;font-size:8.0pt;}#yiv6741386553 p.yiv6741386553msoacetate, #yiv6741386553 li.yiv6741386553msoacetate, #yiv6741386553 div.yiv6741386553msoacetate {margin-right:0cm;margin-left:0cm;font-size:12.0pt;}#yiv6741386553 p.yiv6741386553msonormal, #yiv6741386553 li.yiv6741386553msonormal, #yiv6741386553 div.yiv6741386553msonormal {margin-right:0cm;margin-left:0cm;font-size:12.0pt;}#yiv6741386553 p.yiv6741386553msochpdefault, #yiv6741386553 li.yiv6741386553msochpdefault, #yiv6741386553 div.yiv6741386553msochpdefault {margin-right:0cm;margin-left:0cm;font-size:12.0pt;}#yiv6741386553 span.yiv6741386553msohyperlink {}#yiv6741386553 span.yiv6741386553msohyperlinkfollowed {}#yiv6741386553 span.yiv6741386553emailstyle17 {}#yiv6741386553 p.yiv6741386553msonormal1, #yiv6741386553 li.yiv6741386553msonormal1, #yiv6741386553 div.yiv6741386553msonormal1 {margin:0cm;margin-bottom:.0001pt;font-size:12.0pt;}#yiv6741386553 span.yiv6741386553msohyperlink1 {color:blue;text-decoration:underline;}#yiv6741386553 span.yiv6741386553msohyperlinkfollowed1 {color:purple;text-decoration:underline;}#yiv6741386553 p.yiv6741386553msoacetate1, #yiv6741386553 li.yiv6741386553msoacetate1, #yiv6741386553 div.yiv6741386553msoacetate1 {margin:0cm;margin-bottom:.0001pt;font-size:8.0pt;}#yiv6741386553 span.yiv6741386553emailstyle171 {color:#1F497D;}#yiv6741386553 p.yiv6741386553msochpdefault1, #yiv6741386553 li.yiv6741386553msochpdefault1, #yiv6741386553 div.yiv6741386553msochpdefault1 {margin-right:0cm;margin-left:0cm;font-size:10.0pt;}#yiv6741386553 span.yiv6741386553BalloonTextChar {}#yiv6741386553 span.yiv6741386553EmailStyle31 {color:#1F497D;}#yiv6741386553 .yiv6741386553MsoChpDefault {font-size:10.0pt;} _filtered #yiv6741386553 {margin:2.0cm 42.5pt 2.0cm 3.0cm;}#yiv6741386553 div.yiv6741386553WordSection1 {}#yiv6741386553 Who is the owner of files on 7-Mode and C-Mode? Note that while owner does not matter for access check (unless you have explicit ACL for OWNER) to get 0700 permissions you must have only ACL for actual file owner. --- With best regards Andrei Borzenkov Senior system engineer FTS WEMEAI RUC RU SC TMS FOS FUJITSU Zemlyanoy Val Street, 9, 105 064 Moscow, Russian Federation Tel.: +7 495 730 62 20 ( reception) Mob.: +7 916 678 7208 Fax: +7 495 730 62 14 E-mail:Andrei.Borzenkov@ts.fujitsu.com Web:ru.fujitsu.com Company details:ts.fujitsu.com/imprint This communication contains information that is confidential, proprietary in nature and/or privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s) or the person responsible for delivering it to the intended recipient(s), please note that any form of dissemination, distribution or copying of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender and delete the original communication. Thank you for your cooperation. Please be advised that neither Fujitsu, its affiliates, its employees or agents accept liability for any errors, omissions or damages caused by delays of receipt or by any virus infection in this message or its attachments, or which may otherwise arise as a result of this e-mail transmission. From: Fred Grieco [mailto:fredgrieco@yahoo.com] Sent: Sunday, July 17, 2016 8:54 PM To: Borzenkov, Andrei; Toasters Subject: Re: displayed unix permissions on ntfs qtree The ntfs acl on 7-mode and cDOT are the same. And they are obeyed with respect to access. The issue is with ssh keys -- the app needs to "see" 700 perms in order to function properly. So i'm trying to get the displayed permissions to match what they were in 7-mode. I've created a test folder and it looks like if i add any other user to the ACL, it will display 777. I even tried an user that doesn't share any groups (like Domain Users). Fred From: "andrei.borzenkov@ts.fujitsu.com" andrei.borzenkov@ts.fujitsu.com To: Fred Grieco fredgrieco@yahoo.com; Toasters toasters@teaparty.net Sent: Sunday, July 17, 2016 12:37 PM Subject: RE: displayed unix permissions on ntfs qtree Well, permissions bits for ntfs security style qtree are for display purposes anyway andshould “show the maximum access allowed to any user in the ACL”. May be C-Mode has some additional (inherited?) ACLs? Did you compare full ACL for a file in 7-Mode and C-Mode? --- With best regards Andrei Borzenkov Senior system engineer FTS WEMEAI RUC RU SC TMS FOS FUJITSU Zemlyanoy Val Street, 9, 105 064 Moscow, Russian Federation Tel.: +7 495 730 62 20 ( reception) Mob.: +7 916 678 7208 Fax: +7 495 730 62 14 E-mail:Andrei.Borzenkov@ts.fujitsu.com Web:ru.fujitsu.com Company details:ts.fujitsu.com/imprint This communication contains information that is confidential, proprietary in nature and/or privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s) or the person responsible for delivering it to the intended recipient(s), please note that any form of dissemination, distribution or copying of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender and delete the original communication. Thank you for your cooperation. Please be advised that neither Fujitsu, its affiliates, its employees or agents accept liability for any errors, omissions or damages caused by delays of receipt or by any virus infection in this message or its attachments, or which may otherwise arise as a result of this e-mail transmission. From:toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net]On Behalf Of Fred Grieco Sent: Sunday, July 17, 2016 4:06 PM To: Toasters Subject: displayed unix permissions on ntfs qtree I'm having an issue on the displayed permissions in linux, on an ntfs qtree. This is in cDOT 8.2.3. I have a vserver that's joined to an AD domain and NIS-enabled. Basically, most of the permissions display rwxrwxrwx on the linux, and it's not clear where it's getting these. The NIS/nfs permission themselves are obeyed -- I can only get to where I have access, on the linux side. This is a snapmirrored volume/qtree from a 7-mode filer. It's user directories The linux permissions from the 7-mode filer are almost exclusively rwx------. The ntfs permissions on the source and destinations match, and the NIS/AD/namemapping configs are the same. I"m not sure why it's not displaying the same permissions from linux on the source and destination. Fred
