In NT you can set the ACL of a file so tight that the Administrator cannot read it. What you should try to do is map the drive as Administrator, then Take Ownership of the file. If that succeeds you should be able to set the ACL to whatever you want it to be, or delete the file. Another thing you might want to consider is setting this option:
cifs.nfs_root_ignore_acl on
This allows a root user on a root mounted NFS partition to do whatever it wants to a file with an ACL. I'm not 100% positive that the option above is available on 5.3.4R3. I know that it is available in 5.3.4R3P2.
Graham
-----Original Message----- From: Michael van Elst [mailto:mlelstv@xlink.net] Sent: Monday, May 29, 2000 10:48 AM To: toasters@mathworks.com Cc: Michael van Elst Subject: NT + Unix access rights
Hi,
I'm using an F740 running 5.3.4R3. One volume uses a qtree with mixed security settings. Within that qtree I have a couple of files that cannot be accessed at all. The files were created by an NT client.
On the UNIX side I can neither read nor touch the files. I cannot chmod or chown them. I cannot remove them. I could 'mv' them to a different directory once. I can create a hard link to them but which isn't deletable anymore. The file shows up with 0700 permissions. The directory where the file is located and all directories above were created by a UNIX client. This is true independent on wether I am working as root or as the files' owner (according to the usermap).
On the NT side I cannot use the file either and I cannot even look at the security settings for the file. This is also independent of the user. Neither the owner nor the Administrator has access to the file.
The usermap maps the UNIX 'root' account to the NT 'Administrator' account. The NT 'Administrator' account is mapped to an unprivileged UNIX account different from the file owner.
I learned that the undocumented command 'rm' on the filers console (after rc_toggle_basic) allows to delete these files.
Is there anything I can do ?
Regards, -- i.A. Michael van Elst / phone: +49 721 9652 330 Xlink - Network Information Centre / fax: +49 721 9652 349 Emmy-Noether-Strasse 9 /\ link http://nic.xlink.net/ D-76131 Karlsruhe, Germany /_______ email: hostmaster@xlink.net [ KPNQwest Germany GmbH, Sitz Karlsruhe ] [ Amtsgericht Karlsruhe HRB 8161, Geschaeftsfuehrer: Koen Bertoen ]
On Mon, May 29, 2000 at 12:37:50PM -0700, Graham.Knight@netapp.com wrote:
In NT you can set the ACL of a file so tight that the Administrator cannot read it.
Is it possible that nobody can access it ? Shouldn't at least the owner have enough access rights to query and set the access rights ?
What you should try to do is map the drive as Administrator, then Take Ownership of the file. If that succeeds you should be able to set the ACL to whatever you want it to be, or delete the file. Another thing you might want to consider is setting this option:
Ok.
cifs.nfs_root_ignore_acl on
This allows a root user on a root mounted NFS partition to do whatever it wants to a file with an ACL. I'm not 100% positive that the option above is available on 5.3.4R3. I know that it is available in 5.3.4R3P2.
This sounds even better, but:
| filer3> options cifs.nfs_root_ignore_acl on | No such option cifs.nfs_root_ignore_acl
Greetings,
-
Graham.Knight@netapp.com -
Michael van Elst