Are you using "mixed" mode for security? Whenever I've seen that happen in the past it was become some windows admin made some global permissions change on a mixed-mode share.
I never use mixed mode, personally. I just don't like it. I've never had sudden permission changes like that on my servers whereas a co-worker who uses mixed-mode has had them many times. Others mileage will probably vary.
Sphar, Mike wrote:
Are you using "mixed" mode for security? Whenever I've seen that happen in the past it was become some windows admin made some global permissions change on a mixed-mode share.
I inherited the Filers from the previous admins (all left). The home dir ones (2) have a Default Security Style of "mixed". My previous experience was in Unix-only environments.
I suspect a windows admin bugaboo as you responders suggested.
As for fixing the users (a couple) who insist on returning their mucked-up dirs to it's former state, I'll find a way somehow.
Questions: - What's the effect of changing the Default Security Style from mixed-mode to UNIX? Rephrasing, what's the effect on Windows usage? - Can the files still be accessed/read/write from either side by the owner, or group if group names are replicated between UNIX & AD? - And what about a new file created from the Windows side? Will it have UNIX style permissions? - It appears Default Security Style a per-filer option - yes?
- michael
Questions:
- What's the effect of changing the Default Security Style from mixed-mode to UNIX? Rephrasing, what's the effect on Windows usage?
Every file/directory has only one "real" set of permissions (either UNIX ugo or NTFS ACLs). In a UNIX qtree or volume, only the UNIX style is allowed. In Mixed, it's whichever one was set last.
Whichever one is "real", the other one is mapped as best as it can be.
So if you have files with real NTFS ACLs, you will lose those specific permissions becase they cannot be directly mapped into UNIX permissions. This may make the file access more restrictive than it would have been previously.
See this page for more info. http://now.netapp.com/NOW/knowledge/docs/olio/guides/53_troubleshooting/conc...
- Can the files still be accessed/read/write from either side by the owner, or group if group names are replicated between UNIX & AD?
The only problem would be with the group mapping. I'm not certain how well that is mapped.
- And what about a new file created from the Windows side? Will it have UNIX style permissions?
It will.
- It appears Default Security Style a per-filer option - yes?
Yes. wafl.default_security_style.
-
Darren Dunham -
Michael Coxe -
Sphar, Mike