"The upcoming Data ONTAP 7.3 release
will address some important NFSv4 issues. These enhancements in the 7.3
release will also focus on the stability of the NFSv4 protocol. Therefore
you are advised to run NFSv4 with Data ONTAP 7.2.x releases in test
environments only. For production environments, wait to use NFSv4 with
Data ONTAP 7.3."
-------------------------------------------------------------------------
"Allow me to extol the virtues of the Net Fairy, and of all the fantastic
dorks that make the nice packets go from here to there. Amen."
TB - Penny Arcade
-------------------------------------------------------------------------
From:
tmac <tmacmd@gmail.com>
To:
"David Lee" <t.d.lee@durham.ac.uk>
Cc:
toasters@mathworks.com
Date:
04/23/2008 02:00 PM
Subject:
Re: mount.cifs; NetApp; owner/mode appearance
Problem with MIXED mode:
If you do a chown/chmod/chgroup, the ACL is wiped out and defaults
back to UNIX secuity.
Use NTFS or use UNIX. Mixed leaves too many holes you can run into.
What about NFSv4? This provides ACL mechanisms and is supported on
many common platforms.
--tmac
On Wed, Apr 23, 2008 at 12:24 PM, David Lee <t.d.lee@durham.ac.uk>
wrote:
> If this is an FAQ, feel free to point me in the right direction...
>
> Short-form:
> o UNIX-derived filesystem (qtree) on filer;
> o Linux client using "mount.cifs" to access qtree
via CIFS;
> o File ownerships look wrong; mode always shows as 777.
>
>
> Detail:
>
> We run a central fileserver on behalf of many users. A
particular new
> qtree is a fresh copy of a filesystem (on which many users each
have their
> own, self-owned subdirectory). It was previously hosted
on UNIX, and is
> still intended to be used solely in a UNIX context.
>
> But we (service providers) don't own the Linux machines which
will be
> connecting to this, therefore we are not exporting it as NFS
(host-based
> security) as this would compromise security. (User-A on
their Linux box
> could 'su' to root and then 'su' again to User-B and see User-B
files...
> this would be bad.)
>
> So we are trying to set things up so that the users can use
CIFS (which is
> user-based security). So we have set the qtree mixed mode
and made it a
> CIFS share on the filer. So far, so good.
>
>
>
> Overall: UNIX users on UNIX clients to UNIX-filesystems on filer,
but
> having to use CIFS rather than NFS as the protocol.
>
>
>
> When a user on their Linux client does:
> /sbin/mount.cifs //filer/qtree /local/mountpoint
>
> what they see is that all file ownerships are apparently their
own (even
> though this level shows the directory of self-owned subdirectories)
and
> that all permissions appear as 777 (rwxrwxrwx). The actual
workings seem
> to be OK, but the appearance is less than desirable.
>
> Presumably this is because the SMB/CIFS protocol cannot carry
the UNIX
> permissions and ownerships.
>
> 1. Is the above reasoning towards understanding the problem
more or less
> correct?
>
> 2. Is there any way around it? I understand that more
recent definitions
> of CIFS have UNIX extensions. Is this implemented in ONTAP?
>
> Our versions:
> filer: "NetApp Release 7.2.2"
> mount.cifs: 1.10
>
>
> Apologies if the question is poorly expressed!
>
>
>
> --
>
> : David Lee
I.T.
Service :
> : Senior Systems Programmer
Computer Centre :
> : UNIX Team Leader
Durham University
:
> :
South Road :
> : http://www.dur.ac.uk/t.d.lee/
Durham DH1 3LE
:
> : Phone: +44 191 334 2752
U.K.
:
>