Toasters,
We've recently received our first filer, an F740 with NFS and CIFS. We're in the process of working out all the issues and procedures before we deploy the device.
The issue we're struggling with at the moment involves people with NT Administrator access. In the NT world, we admins are used to having accounts with Administrator access (by virtue of being Domain Admins). It never matters to us that our files get created with ownership of "Administrators".
In the UNIX world, we're used to using "su" to get root access when we need it. All of our own files are owned by our respective accounts, not root.
We intend to merge our UNIX and NT home directories, but life is not smooth for we admins. When we create files on the filer from the NT world, they're owned by Administrator; that's OK. But on the UNIX side, they show up as being owned by root; that's not.
We'd like to have our admin access cake and eat it too. In other words, what we'd like is to have our NT Administrator access, but have files get created with our respective ownerships, not root's.
How do the rest of you work this issue?
Greg
We'd like to have our admin access cake and eat it too.
Tut! :-)
In other words, what we'd like is to have our NT Administrator access, but have files get created with our respective ownerships, not root's.
How do the rest of you work this issue?
The NT habit of using the LOCALSERVER\Administrators local group as the owner of all files and directories created by an administrative user is a little annoying, albeit somewhat core to the overall NT way of doing business securitywise. Fear not though. As long as you don't mind going through an extra step, I recently put together a little tool that might help you out.
Unbeknownst to most folk, you can do chowns on NT. Everything that ships as native with the operating system would lead you to believe that you can only "Take Ownership" of files on NT, not give ownership away to another account. If you think about it, if this were true, then how would a restore program work? :-)
So.... I'll fire you my "ntchown" tool under separate cover. You'll be my second customer for it. I haven't exactly "tested the living daylights out of it", but I'm pretty confident it works under most scenarios, as it's really very simple. If subsequent testing goes well, and once I'm certain it works on UNICODE file systems (I mean ones that really use UNICODE, like in Korea etc...), I will probably inflict it on our NOW folk for inclusion in the tools section of our site.
If anybody else is up for some informal testing, drop me a note.
Keith
On Fri, 18 Jun 1999, Keith Brown wrote:
So.... I'll fire you my "ntchown" tool under separate cover. You'll be my second customer for it. I haven't exactly "tested the living daylights out of it", but I'm pretty confident it works under most scenarios, as it's really very simple.
BTW, I think there is a chown in the NT Server (?) Resource Kit, which in my opinion should have been a part of the NT Server package. If the Exploder is a part of the OS such tools certainly are. However, as I recall there might have been a problem in the fact that the ACLs would be screwed up (owner/creator permissions, etc. would be different then expected) after chowning a file.
Tom
-
Gregory M. Paris -
Keith Brown -
tkaczma@gryf.net