You can't map groups, but if you can ensure that every Windows user belongs to a group that can read/write the files. Each CIFS user will map to a UNIX user with UNIX groups.
If, by some chance the controller can't map to a UNIX user, you can set the option cifs.default_unix_user to the UNIX user who owns the files. But this only works if the controller can't map to a UNIX user.
-- Adam Fox ------------------------ Typed with my thumbs on a very small keyboard.
----- Original Message ----- From: Oskar Pienkos opienkos@sfu.ca To: toasters@mathworks.com toasters@mathworks.com Sent: Fri Dec 05 17:36:06 2008 Subject: Unix <=> NTFS permissions question
Hello Toaster Experts!
We are currently mounting an NFS directory, e.g. /home/production from a filer to a Solaris 10 box. Security is done by local passwd entries. We need to export this directory via CIFS with read and write access to a group of windows developers ( a group in Active Directory.) Is there a way to do this without converting the filer security from UNIX to NTFS? The shares is owned by a single unix UID but will be accessed by multiple AD users. Is there a way to translate AD groups into Unix groups since usermap.cfg seems to translate only user IDs. We don't want to run mixed-mode security.
Thanks a lot.
Oskar
We are using share with forcegorup option:
Name Mount Point Description ---- ----------- ----------- pool /vol/vol1/share common pool ... forcegroup=s_group DOMAIN\Special_users / Full Control
Where “s_group” is Unix group. /vol/vol1/share itself has Unix security style.
You still have to make sure that Unix group “group” has required access to files; but you would need to ensure this anyway. And you can limit access to a share using NT group membership.
This is less administration as long as you do not need to track file ownership.
С уважением / With best regards / Mit freundlichen Grüβen
--- Andrey Borzenkov Senior system engineer
________________________________ From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Fox, Adam Sent: Saturday, December 06, 2008 5:52 AM To: oskar@sfu.ca; toasters@mathworks.com Subject: Re: Unix <=> NTFS permissions question
You can't map groups, but if you can ensure that every Windows user belongs to a group that can read/write the files. Each CIFS user will map to a UNIX user with UNIX groups.
If, by some chance the controller can't map to a UNIX user, you can set the option cifs.default_unix_user to the UNIX user who owns the files. But this only works if the controller can't map to a UNIX user.
-- Adam Fox ------------------------ Typed with my thumbs on a very small keyboard.
----- Original Message ----- From: Oskar Pienkos opienkos@sfu.ca To: toasters@mathworks.com toasters@mathworks.com Sent: Fri Dec 05 17:36:06 2008 Subject: Unix <=> NTFS permissions question
Hello Toaster Experts!
We are currently mounting an NFS directory, e.g. /home/production from a filer to a Solaris 10 box. Security is done by local passwd entries. We need to export this directory via CIFS with read and write access to a group of windows developers ( a group in Active Directory.) Is there a way to do this without converting the filer security from UNIX to NTFS? The shares is owned by a single unix UID but will be accessed by multiple AD users. Is there a way to translate AD groups into Unix groups since usermap.cfg seems to translate only user IDs. We don't want to run mixed-mode security.
Thanks a lot.
Oskar
-
Borzenkov, Andrey -
Fox, Adam