Hi
I am inclined to agree with Tim; my experience has been that mixed mode can lead to a lot of chaos and sadness. One tech report which might be relevant here is called Security in NFS Storage Networks:
http://media.netapp.com/documents/tr_3387.pdf
As Tim suggests, NFSv4 might be an option and provides a lot of nice features. Another choice could be Kerberos authentication, and this might be the way to go, though this will depend on your exact setup.
Let us know how it goes; this is indeed a fairly common issue caused by design deficiencies of standard NFSv3/NIS without any easy out of the box solution.
cheers
Kenneth
> Date: Wed, 23 Apr 2008 14:45:24 -0400
> From: tmacmd@gmail.com
> To: t.d.lee@durham.ac.uk
> Subject: Re: mount.cifs; NetApp; owner/mode appearance
> CC: toasters@mathworks.com
>
> Problem with MIXED mode:
>
> If you do a chown/chmod/chgroup, the ACL is wiped out and defaults
> back to UNIX security.
>
> Use NTFS or use UNIX. Mixed leaves too many holes you can run into.
>
> What about NFSv4? This provides ACL mechanisms and is supported on
> many common platforms.
>
> --tmac
>
> On Wed, Apr 23, 2008 at 12:24 PM, David Lee <t.d.lee@durham.ac.uk> wrote:
> > If this is an FAQ, feel free to point me in the right direction...
> >
> > Short-form:
> > o UNIX-derived filesystem (qtree) on filer;
> > o Linux client using "mount.cifs" to access qtree via CIFS;
> > o File ownerships look wrong; mode always shows as 777.
> >
> >
> > Detail:
> >
> > We run a central fileserver on behalf of many users. A particular new
> > qtree is a fresh copy of a filesystem (on which many users each have their
> > own, self-owned subdirectory). It was previously hosted on UNIX, and is
> > still intended to be used solely in a UNIX context.
> >
> > But we (service providers) don't own the Linux machines which will be
> > connecting to this, therefore we are not exporting it as NFS (host-based
> > security) as this would compromise security. (User-A on their Linux box
> > could 'su' to root and then 'su' again to User-B and see User-B files...
> > this would be bad.)
> >
> > So we are trying to set things up so that the users can use CIFS (which is
> > user-based security). So we have set the qtree mixed mode and made it a
> > CIFS share on the filer. So far, so good.
> >
> >
> >
> > Overall: UNIX users on UNIX clients to UNIX-filesystems on filer, but
> > having to use CIFS rather than NFS as the protocol.
> >
> >
> >
> > When a user on their Linux client does:
> > /sbin/mount.cifs //filer/qtree /local/mountpoint
> >
> > what they see is that all file ownerships are apparently their own (even
> > though this level shows the directory of self-owned subdirectories) and
> > that all permissions appear as 777 (rwxrwxrwx). The actual workings seem
> > to be OK, but the appearance is less than desirable.
> >
> > Presumably this is because the SMB/CIFS protocol cannot carry the UNIX
> > permissions and ownerships.
> >
> > 1. Is the above reasoning towards understanding the problem more or less
> > correct?
> >
> > 2. Is there any way around it? I understand that more recent definitions
> > of CIFS have UNIX extensions. Is this implemented in ONTAP?
> >
> > Our versions:
> > filer: "NetApp Release 7.2.2"
> > mount.cifs: 1.10
> >
> >
> > Apologies if the question is poorly expressed!
> >
> >
> >
> > --
> >
> > : David Lee I.T. Service :
> > : Senior Systems Programmer Computer Centre :
> > : UNIX Team Leader Durham University :
> > : South Road :
> > : http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE :
> > : Phone: +44 191 334 2752 U.K. :
> >
>
>
>
> --
> --tmac
>
> RedHat Certified Engineer #804006984323821 (RHEL4)
> RedHat Certified Engineer #805007643429572 (RHEL5)
>
> Principal Consultant