Hi,
I'm using an F740 running 5.3.4R3. One volume uses a qtree with mixed security settings. Within that qtree I have a couple of files that cannot be accessed at all. The files were created by an NT client.
On the UNIX side I can neither read nor touch the files. I cannot chmod or chown them. I cannot remove them. I could 'mv' them to a different directory once. I can create a hard link to them, but it isn't deletable anymore. The file shows up with 0700 permissions. The directory where the file is located and all directories above were created by a UNIX client. This is true independent of whether I am working as root or as the files' owner (according to the usermap).
On the NT side I cannot use the file either and I cannot even look at the security settings for the file. This is also independent of the user. Neither the owner nor the Administrator has access to the file.
The usermap maps the UNIX 'root' account to the NT 'Administrator' account. The NT 'Administrator' account is mapped to an unprivileged UNIX account different from the file owner.
I learned that the undocumented command 'rm' on the filer's console (after rc_toggle_basic) allows deleting these files.
Is there anything I can do?
Regards,
On Mon, May 29, 2000 at 10:14:10AM -0700, Bruce Sterling Woodcock wrote:
The usermap maps the UNIX 'root' account to the NT 'Administrator' account. The NT 'Administrator' account is mapped to an unprivileged UNIX account different from the file owner.
Can someone explain this? I don't follow.
The software release 5.3 has the feature to map accounts independently for the UNIX side and the NT side. I.e. the usermap file has the lines:
Administrator <= root
Administrator => ntadmin
where ntadmin is an unprivileged account and root is the regular privileged account.
----- Original Message -----
From: "Michael van Elst" mlelstv@xlink.net
To: "Bruce Sterling Woodcock" sirbruce@ix.netcom.com
Cc: "Michael van Elst" mlelstv@xlink.net; toasters@mathworks.com
Sent: Monday, May 29, 2000 4:30 PM
Subject: Re: NT + Unix access rights
Is the mapping only for access, or only for ownership?
I understand that if root creates a file, and you look at it from NT, it will be owned by Administrator (with the mapping given above). But when Administrator tries to access it, he'll be mapped to ntadmin, which doesn't have access??
Bruce
On Mon, May 29, 2000 at 05:05:39PM -0700, Bruce Sterling Woodcock wrote:
Is the mapping only for access, or only for ownership?
I understand that if root creates a file, and you look at it from NT, it will be owned by Administrator (with the mapping given above). But when Administrator tries to access it, he'll be mapped to ntadmin, which doesn't have access??
This is correct.
But in this case an ordinary NT user (u12345) has created a file and neither this user nor the NT administrator seems to have any access rights.
Unfortunately this is also true for the UNIX side. Neither root nor the UNIX user to which u12345 is mapped (also called u12345 with a uid of 12345) has access to the file despite the fact that it shows up as
-rwx------ 1 12345 1101 2215 May 8 17:48 structure.cnf
in a listing.
Apparently the file uses the NT security model in the mixed qtree and the file owner has locked himself and others out.
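The one-way usermap entries discussed in this thread can be modelled to show why root ends up as an unprivileged account after a round trip through the NT identity. This is an added example, not part of any poster's message and not NetApp code; it assumes a simplified "NTname direction UNIXname" line format with first match winning, case-insensitive NT names, and no domain prefixes, IP qualifiers or wildcards.

```python
# Added example: simplified model of the directional usermap entries from the thread.
# Assumptions (not from the thread): first matching entry wins, NT names compare
# case-insensitively, no domains / IP qualifiers / wildcards are handled.

# The two usermap lines quoted in the thread.
USERMAP = """\
Administrator <= root
Administrator => ntadmin
"""

def parse_usermap(text):
    """Return a list of (nt_name, direction, unix_name) tuples."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts:
            continue
        if len(parts) != 3 or parts[1] not in ("=>", "<=", "=="):
            raise ValueError(f"line {lineno}: expected 'NTname direction UNIXname'")
        entries.append(tuple(parts))
    return entries

def nt_to_unix(entries, nt_name):
    """Map an NT account to a UNIX account; only '=>' and '==' entries apply."""
    for nt, direction, unix in entries:
        if direction in ("=>", "==") and nt.lower() == nt_name.lower():
            return unix
    return None  # no explicit entry in this model

def unix_to_nt(entries, unix_name):
    """Map a UNIX account to an NT account; only '<=' and '==' entries apply."""
    for nt, direction, unix in entries:
        if direction in ("<=", "==") and unix == unix_name:
            return nt
    return None  # no explicit entry in this model

def asymmetric_accounts(entries):
    """List (unix, nt, unix_back) where the NT identity maps back to another UNIX account."""
    found = []
    for nt, direction, unix in entries:
        if direction in ("<=", "=="):
            back = nt_to_unix(entries, unix_to_nt(entries, unix))
            if back is not None and back != unix:
                found.append((unix, nt, back))
    return found

if __name__ == "__main__":
    for unix, nt, back in asymmetric_accounts(parse_usermap(USERMAP)):
        print(f"UNIX {unix} -> NT {nt} -> UNIX {back}")
```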