VMware Cloud Community
richard6121
Contributor
Contributor
‎05-19-2010 08:25 AM

NetApp: Fixing NFS permissions that were steamrollered by a CIFS re-ACLing

This might be a better question to post on NetApp NOW, but I like this board more. Heart

The VMware datastore/volume's Qtree security type was flipped from "UNIX" to "mixed", then a CIFS share was created on one of the subfolders in the volume.

Later, the subfolder had its ACLs modified from a Windows client. Now the contents of the folder are invisible from the VMware side. Apparently the CIFS re-ACLing overwrote whatever NFS permissions were necessary for proper operation. How does one reset the NFS permissions for this folder and its contents?

Granting "everyone" full control from a Windows client won't do the trick. :smileyalert:

0 Kudos
6 Replies
RParker
Immortal
Immortal
‎05-19-2010 08:34 AM

NFS needs to grant root access to r/w to the ESX host. (you may need to explicitly define the host by IP)

0 Kudos
richard6121
Contributor
Contributor
‎05-19-2010 08:38 AM

The NFS exports still have the original permissions settings. The datastore is working fine. It's just that one subfolder which is "locked down."

0 Kudos
RParker
Immortal
Immortal
‎05-19-2010 08:43 AM

Well I would mount that folder in Windows (from vol/ down) and see what permissions are showing for that folder. If it looks the same, you can take control of the folder assign them to administrator, then reset the permissions to all child folders with the current permissions.

0 Kudos
richard6121
Contributor
Contributor
‎05-19-2010 08:54 AM

From the Windows perspective, "everyone" has read/execute. My own user account was showing full control. Manually setting Everyone to read/execute or even full control had no effect. It seems that this cannot be fixed by manipulating the CIFS ACLs.

0 Kudos
richard6121
Contributor
Contributor
‎07-01-2011 06:08 AM

Bumping back to the top.  We still have this one locked-down folder out there that we can't delete.  It's not harming anything, but it would be nice to fix the permissions on it.  Any ideas?

0 Kudos
ewilts
Enthusiast
Enthusiast
‎07-01-2011 12:49 PM

As a former storage guy supporting our NetApp environment, let me tell you that mixed permissions are downright evil - we were told that in no uncertain terms by our NetApp reseller when we installed our first filer.  Either windows or unix but NEVER mixed.  You have the worst of both worlds - independent permissions on the same file and neither can see the other so you manage to confuse everybody.  After I was done hurting your storage guys that blew it up on you (why would you possibly want CIFS access to your datastores?), I'd tell them to read https://kb.netapp.com/support/index?page=content&id=2010301.

0 Kudos