> I suppose one model might be a simple 'tripwire' approach,
> wherein one forces everything to be 'right' and then scan
> for variances, but I suspect that's bordering on impractical.
You could use something like puppet or chef to enforce directory permissions.
Tell puppet that these dirs have
Consider a large amount of NAS storage ...
(lets say tens of TB, for arguments sake; I consider that
large even though I know there are many folks out there
dealing in PB... that's not currently my problem :)
... and said storage is accessible via both NFS (mostly
NFSv3) and CIFS (direct
We're using DataPrivilege with good results. It controls permissions via CIFS,
but we're using NFSv4 so our storage devices are using the same ACLs for both
CIFS and NFS.
http://www.varonis.com/products/dataprivilege.html
On Sep 6, 2013, at 12:36 PM, Tim Kirby wrote:
> Consider a large amoun
There may be ways you can restrict non-administrators from changing
permissions, depending on your SAN software.
In MS Windows there is a "change permissions" security flag on folders.
Your SAN may or may not support that.
In NFS only the owner can change permissions, so make the owner an admin
and
