Thanks! We're running 5.2.3P1
I've been talking to the filer admin about upgrading. It sounds like the immediate short-term fix to our problem might be to create a small multiprotocol qtree while we evaluate whether to upgrade the OS and/or change the main qtrees.
We need to make sure that we understand all the security implications of changing a qtree from unix to multiprotocol.
Do you have anything that shows how the filer stores permission, whatever the filer equivalent of an inode is? (qnode? Wnode?) We were trying to whiteboard how the permissions work. Specifically:
1) I start with a Unix qtree on the filer 2) User directory is created with unix permissions set to 755 3) We then change the qtree from unix to multiprotocol 4) User accesses his directory as a CIFS share 5) User creates a subdirectory and files under his home
What will the permissions be on those files? 755? Will they have anything in their NT ACL's?
I am under the impression that the filer stores permissions in some "neutral" format which it translates to Unix permission bits or NT ACL's, PLUS has some extra storage for NT ACL's - is that how it works?
Also, What happens if you create a multiprotocol file system and then change it later to unix? Is the additional ACL information a) translated, b) deleted, c) stored but not used (so that if you changed it back to multiprotocol again it might still be there?)
thanks for any pictures Betsy
At 07:06 AM 6/13/00 -0700, rob.hawley@netapp.com wrote:
What version of the filer are you running? Is it 5.3 or later?
The filer has always supported multiprotocol access to files. With 5.3 we have completed our security model that is described in the following paper.
-- Elizabeth Schwartz 781-262-6565 Unix System Administrator eschwart@bbnplanet.com Genuity, Inc