We're using DataPrivilege with good results. It controls permissions via CIFS, but we're using NFSv4 so our storage devices are using the same ACLs for both CIFS and NFS.
http://www.varonis.com/products/dataprivilege.html On Sep 6, 2013, at 12:36 PM, Tim Kirby wrote: > Consider a large amount of NAS storage ... > > (lets say tens of TB, for arguments sake; I consider that > large even though I know there are many folks out there > dealing in PB... that's not currently my problem :) > > ... and said storage is accessible via both NFS (mostly > NFSv3) and CIFS (direct through the NAS, not Samba). > > Control of access to this data is a perennial problem. > There are areas that need to be protected for various > reasons, obviously. Despite all best efforts to the > contrary, the population of users in this space will > insist on changing permissions and ownership of data > with little consideration for the implications of same. > > The question, then, is ... are there any good tools, be > they OSS or not, that perform permission mapping of data > for either or both NFS and CIFS ? I'm not even clear in > my mind what I would expect it to look like, but I have > this irrational hope/wish/fantasy that there is something > out there that would help manage the access controls. > > I suppose one model might be a simple 'tripwire' approach, > wherein one forces everything to be 'right' and then scan > for variances, but I suspect that's bordering on impractical. > > So, open for general discussion, really. I'm staring at a > blank sheet of paper right now and looking for inspiration. > > No regulatory controls to help, unfortunately. While they > can be a royal pain, sometimes they are really useful to > put structure around the amorphous... > > Tim > -- > Tim Kirby t...@kirbys.org > > > > > _______________________________________________ > Tech mailing list > Tech@lists.lopsa.org > https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech > This list provided by the League of Professional System Administrators > http://lopsa.org/ _______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
