Good Morning,

 

Since you folks are the guru's I thought I would bounce this off of you.  I have spoken to NetApp, however the solution they gave is going to be really hard to get approved.

 

We are seeing issues on our NetApp filers where we cannot manipulate certain files.  Here is an example of what we ran into last week.

 

Joe Smith leaves the company.  He has a Windows home directory that is set up on a NTFS qtree.  We go to backup his home directory (using a simple copy script) but a number of files won't copy because they are owned by "root" and we get the lovely "access denied" error.  The files cannot be copied, or opened, nor can we change permissions or ownership.  Files with this problem can however be deleted.  Not much of a backup if they are deleted, but not much of a backup.  Also interesting is that from within Windows Explorer if you right click on the properties of the file the "Security" tab that is normally present is not there.

 

I spent a bunch of time on the phone with NetApp this morning.  We tried adding my user account to the usermap.cfg as root and a couple of other things but nothing worked.  Their solution is that to resolve we must be OU admins at minimum. 

 

I wanted to run it by you folks to see if you have seen situations like this and if so, what you did to fix it.

 

 

A couple of other notes:

1) If you cd to the offending area and do an ls -l on the directory, problem files appear like the one below.

-rwxrwxrwx   1 root     root         694 Jan 22  1992 spcurins.ins

2) If you try to chown the file nothing changes

 

 

 

Hi Lewis

 

This has reference to the Case Id: 1122669 , here is the problem description

 

There are certain files which are created by other users and given specific permissions by those users. Qtree is an NTFS qtree. Customer wants to copy the file or edit the file using a different username which is not equivalent to administrator.

 

changed the option cifs.nfs_root_ignore_acl on .

changed the option wafl.default_unix_user root

 

After this disconnected the drive and tried accessing the file. Still access denied

 

You are unable to see the security tab on the file to change permission. Explained him that these files will have specific permissions and that is the reason he is not able to access the file

 

Only administrator of the Domain or administrator account of OU which was used to setup the file should be able to access the file. This is a windows issue and it working according the windows rules and permissions .In windows least restrictive permissions applies for the user.  This is true for any windows users and even if they are created on the local machine.

 

The only user who can access the file and take ownership and change permissions of the file is "administrator"

 

 

 

Mon Aug  8 10:14:32 EDT [auth.trace.authenticateUser.loginTrace:info]: AUTH: Login attempt by user millworth$ of domain MGC from client machine 134.86.78.194.

Mon Aug  8 10:14:32 EDT [auth.trace.spnegoAuthentication.statusMsg:info]: AUTH: SPNEGO- Attempting to map PC user to UNIX user millworth$.

Mon Aug  8 10:14:32 EDT [auth.trace.mapNTToUnix:info]: AUTH: Mapping Windows user millworth$ to Unix user root.

Mon Aug  8 10:14:32 EDT [auth.trace.authenticateUser.loginAccepted:info]: AUTH: Login by millworth$ from 134.86.78.194 accepted.