IHAC who had to make an upgrade from 7.0.3 due to SnapMirror bug. 7.0.6 would be sufficient but I convinced him to jump to 7.2.2 due to some interesting features (both releases are GD). I have studied upgrade guide, bugs and all other documentation and I have found no potential problem. But I was wrong... Customer's scripts stopped to work because NetApp introduced undocumented "feature": access rights displayed by NFS3 client on NTFS volumes are empty (all files have d---------) although access rights are correctly mapped.
NetApp provided some kind of workaround but displayed access rights are always only rough approximation. Is there any Unix tool that can read native NTFS ACLs? (SecureShare can read Unix rwx from Windows hosts however it cannot be scripted...) It will solve the customer's problem for ever (NetApp can always change the way of approximation in future releases...)
Best regards,
Jacek
--- avast! Antivirus: Outbound message clean. Virus Database (VPS): 000748-5, 2007-06-13 Tested on: 2007-06-13 22:30:19 avast! - copyright (c) 1988-2007 ALWIL Software. http://www.avast.com
-- Opole - Miasto Bez Granic. http://www.opole.pl - tu znajdziesz nowe miejsca, nowe moÂżliwoÂści, nowe inspiracje...
What about getfacl? Does it work?
I believe, if you had a NFSv4 client, you could then use gefacl to read the acl on the file/directory.
On 6/13/07, JacekN janosldx@gazeta.pl wrote:
IHAC who had to make an upgrade from 7.0.3 due to SnapMirror bug. 7.0.6 would be sufficient but I convinced him to jump to 7.2.2 due to some interesting features (both releases are GD). I have studied upgrade guide, bugs and all other documentation and I have found no potential problem. But I was wrong... Customer's scripts stopped to work because NetApp introduced undocumented "feature": access rights displayed by NFS3 client on NTFS volumes are empty (all files have d---------) although access rights are correctly mapped.
NetApp provided some kind of workaround but displayed access rights are always only rough approximation. Is there any Unix tool that can read native NTFS ACLs? (SecureShare can read Unix rwx from Windows hosts however it cannot be scripted...) It will solve the customer's problem for ever (NetApp can always change the way of approximation in future releases...)
Best regards,
Jacek
avast! Antivirus: Outbound message clean. Virus Database (VPS): 000748-5, 2007-06-13 Tested on: 2007-06-13 22:30:19 avast! - copyright (c) 1988-2007 ALWIL Software. http://www.avast.com
-- Opole - Miasto Bez Granic. http://www.opole.pl - tu znajdziesz nowe miejsca, nowe moÂżliwoÂści, nowe inspiracje...
NetApp provided some kind of workaround but displayed access rights are always only rough approximation. Is there any Unix tool that can read native NTFS ACLs? (SecureShare can read Unix rwx from Windows hosts however it cannot be scripted...) It will solve the customer's problem for ever (NetApp can always change the way of approximation in future releases...)
I don't know about "Unix", but as far as I am aware there is no (standard) way to use ACLs over NFSv3. When Solaris added ACLs to NFS, they used private extentions. v4 should (eventually) change that.
Smbclient would seem to be the tool to use so you could query the CIFS side of things, but I don't think it has any method of explicitly displaying ACLs.
Hi,
On Wed, 13 Jun 2007 22:30:15 +0200 JacekN janosldx@gazeta.pl wrote:
IHAC who had to make an upgrade from 7.0.3 due to SnapMirror bug. 7.0.6 would be sufficient but I convinced him to jump to 7.2.2 due to some interesting features (both releases are GD). I have studied upgrade guide, bugs and all other documentation and I have found no potential problem. But I was wrong... Customer's scripts stopped to work because NetApp introduced undocumented "feature": access rights displayed by NFS3 client on NTFS volumes are empty (all files have d---------) although access rights are correctly mapped.
NetApp provided some kind of workaround but displayed access rights are always only rough approximation. Is there any Unix tool that can read native NTFS ACLs? (SecureShare can read Unix rwx from Windows hosts however it cannot be scripted...) It will solve the customer's problem for ever (NetApp can always change the way of approximation in future releases...)
I don't think getfacl would be able to read the CIFS ACLs. As somebody else said, Samba is the correct tool for the job -- especially the one called smbcacls, even if it's not 100% functional. I suggest you give it a try.
Alternatively, if you feel like trying alpha software, we developed a tool around Samba to dump and restore NTFS ACLs from Unix hosts -- this is absolutely not production-ready, but the project page is there : http://sourceforge.net/projects/dumpacl You'll need the samba 3.0.22 sources for this to compile and run cleanly
Simon
Simon Vallet wrote:
Hi,
On Wed, 13 Jun 2007 22:30:15 +0200 JacekN janosldx@gazeta.pl wrote:
... Is there any Unix tool that can read native NTFS ACLs? (SecureShare can read Unix rwx from Windows hosts however it cannot be scripted...) It will solve the customer's problem for ever (NetApp can always change the way of approximation in future releases...)
I don't think getfacl would be able to read the CIFS ACLs. As somebody else said, Samba is the correct tool for the job -- especially the one called smbcacls, even if it's not 100% functional. I suggest you give it a try.
Alternatively, if you feel like trying alpha software, we developed a tool around Samba to dump and restore NTFS ACLs from Unix hosts -- this is absolutely not production-ready, but the project page is there : http://sourceforge.net/projects/dumpacl You'll need the samba 3.0.22 sources for this to compile and run cleanly
Thank you very much for all suggestions. Simon's idea seems to be promising. I will talk to the customer if they can try it.
Best regards,
Jacek
--- avast! Antivirus: Outbound message clean. Virus Database (VPS): 000749-0, 2007-06-14 Tested on: 2007-06-14 21:06:37 avast! - copyright (c) 1988-2007 ALWIL Software. http://www.avast.com
-- Opole - Miasto Bez Granic. http://www.opole.pl - tu znajdziesz nowe miejsca, nowe mozliwosci, nowe inspiracje...
-
Darren Dunham -
JacekN -
Simon Vallet -
Sphar, Mike -
tmac