This is described in the link I gave you. For example, at
http://now.netapp.com/NOW/knowledge/docs/olio/guides/53_troubleshooting/conc epts.shtml
there is a section titled "Display Permissions vs. Effective Permissions" which answers your question about the "fake" permissions. Also from the FAQ "How do I tell the security style of a file?":
http://now.netapp.com/NOW/knowledge/docs/olio/guides/53_troubleshooting/faq. shtml#anchor1390093
Also you'll want to look at the next question "What are these weird Unix perms". If you have further questions please let us know.
Mark
-----Original Message----- From: neil lehrer [mailto:nlehrer@ibb.gov] Sent: Thursday, February 15, 2001 3:08 PM To: Muhlestein, Mark Cc: 'toasters@mathworks.com'; Curt Huyser Subject: Re: ntfs qtrees
well, i have read every white paper and still have a couple of questions.
i copied the user hierarchy from our sun box to the filer maintaining the unix perms. the target on the filer was a qtree with unix sec style.
i just changed the sec style from unix to ntfs. when i look at the ntfs perms on the ntfs qtree they look okay. i used both nt explorer and some cmd line utils i have.
my question at this point is are these permissions "fake." is there any way to to tell? just the "has acl" box in secureshare tool? are they still unix perms and synthesized until i actually create acls? does it matter?? should i run thru the structure and create acl's? or can it wait...
also, i noted that user's sub directories have r-x for everyone. that is being picked up from the unix perms for other. which did not matter in nfs because access could not get past the home dir perms which only gave rights to the owner. however, if i am in nt explorer as as normal [non-privileged] user i can see all the users directories, but cannot enter them by clicking in [which is the way we want it]. however, i can cd into the lower level directories from a cmd line. do i correct this by correcting the acls, or is there a traverse restriction i remember from somewhere?
i'm sure there is something i'm forgetting to ask.
thanks.
"Muhlestein, Mark" wrote:
When an NTFS qtree is set up, the qtree directory gets an
ACL which grants
the Everyone group Full Control. If the qtree had
previously been Unix or
mixed, it might not have ACLs on every file/dir in it. Any
files that don't
have ACLs will still use the Unix security when checking
access. This is
explained fully in the security troubleshooter guide on NOW:
http://now.netapp.com/NOW/knowledge/docs/olio/guides/53_troubl eshooting/
Mark Muhlestein -- mmm@netapp.com
-----Original Message----- From: neil lehrer [mailto:nlehrer@ibb.gov] Sent: Monday, February 12, 2001 9:07 AM To: toasters Subject: ntfs qtrees
hi,
we are migrating our files from sun/NFS to filer/cifs. i have clustered f760's running ontap 5.36r2. for testing the data is copied over using cpio and the unix perms are maintained.
i found the note shown below on page 421 of the Ontap SAG. i find it confusing and a little contradictory -- every windows user is given full access, but if you don't set ntfs file sec then unix perms are enforced?
"Note When you create an NTFS qtree or change a qtree to NTFS, by default, every Windows user is given full access. You must change the permissions if you want to restrict access to the qtree for some users. If you do not set NTFS file security on a file, UNIX permissions are enforced."
could someone please clear this up? what if the unix perms say no?? is this just written poorly?
thanks.
regards
--
regards
+++++++++++++++++++++++++++++++++++++++++++++++++
- Neil Lehrer
- United States International Broadcasting Bureau
- System Development Division
- voice 202 619-2524
- fax 202 619-3576
- nlehrer@ibb.gov
- " is this crisis an opportunity or just
- another grab the fire extinguisher moment?"
+++++++++++++++++++++++++++++++++++++++++++++++++
-
Muhlestein, Mark