Loading...
 

Problema:

Mettere come security Style NTFS crea errore nella modifica di file su share NFS (ad esempio usando vi):

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Can_I_set_UNIX_style_permissions_from_an_NFS_mount_on_an_NTFS_qtree%3F

Per le share miste va messo NTFS (mixed Mode è deprecato e fa casino) come security style ma va cambiato un permesso come segue:

cimec-storage::> set -privilege advanced

Warning: These advanced commands are potentially dangerous; use them only when directed to do so by NetApp personnel.
Do you want to continue? {y|n}: y

cimec-storage::*> vserver export-policy rule show -vserver svm_cifs_nfs -policyname NTFS_ignore_unix_sec_opt

             Policy          Rule    Access   Client                RO

Vserver      Name            Index   Protocol Match                 Rule

- --   - ---

svm_cifs_nfs NTFS_ignore_unix_sec_opt

                             1       nfs      10.20.20.0/24,        any

                                              192.168.240.0/24

svm_cifs_nfs NTFS_ignore_unix_sec_opt

                             2       cifs     0.0.0.0/0             any

2 entries were displayed.

cimec-storage::*> vserver export-policy rule show -vserver svm_cifs_nfs -policyname NTFS_ignore_unix_sec_opt -ruleindex 1

                                    Vserver: svm_cifs_nfs
                                Policy Name: NTFS_ignore_unix_sec_opt
                                 Rule Index: 1
                            Access Protocol: nfs
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 10.20.20.0/24,192.168.240.0/24
                             RO Access Rule: any
                             RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
                   Superuser Security Types: any
               Honor SetUID Bits in SETATTR: true
                  Allow Creation of Devices: true
                 NTFS Unix Security Options: fail
         Vserver NTFS Unix Security Options: use_export_policy
                      Change Ownership Mode: restricted
              Vserver Change Ownership Mode: use_export_policy

Verificare lo stato del flag NTFS Unix Security Options che deve essere su ignore.

Se non lo è va messo:

cimec-storage::*> vserver export-policy rule modify -vserver svm_cifs_nfs -policyname NTFS_ignore_unix_sec_opt -ruleindex 2 -ntfs-unix-security-ops ignore

cimec-storage::*> vserver export-policy rule show -vserver svm_cifs_nfs -policyname NTFS_ignore_unix_sec_opt -ruleindex 2

                                    Vserver: svm_cifs_nfs
                                Policy Name: NTFS_ignore_unix_sec_opt
                                 Rule Index: 2
                            Access Protocol: cifs
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 0.0.0.0/0
                             RO Access Rule: any
                             RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
                   Superuser Security Types: none
               Honor SetUID Bits in SETATTR: true
                  Allow Creation of Devices: true
                 NTFS Unix Security Options: ignore
         Vserver NTFS Unix Security Options: use_export_policy
                      Change Ownership Mode: restricted
              Vserver Change Ownership Mode: use_export_policy

cimec-storage::*> set -privilege admin

 

Created by stefano.tessari. Last Modification: Tuesday 13 of July, 2021 17:23:26 CEST by stefano.tessari.