On Thu, 13 Mar 2008, Rocky wrote: > I run a few NetApp boxes, must admit I've never noticed the ACL mapping > sucking before. How does yours suck?
It's been almost a year since we evaluated Netapp, I'm a little hazy on the details. Basically, NetApp has three different ideas of the permissions for a file or directory; UNIX mode bits, NFSv4 ACL, and CIFS ACL. You can set a particular share to either UNIX mode, windows mode, or "mixed" mode. In UNIX mode, any access from the Windows side has that identity converted to a UNIX identity and permission checked against the UNIX permissions. In windows mode, vice versa. In either of those two modes, you can only change permission from the native side; ie, Windows clients couldn't change permissions for shares set to UNIX mode. Mixed mode, IIRC, for access from UNIX, and Windows permissions for access from Windows. However, unless I must remember, changing the permissions from one side overwrote the permissions on the other with a translated version. Like I said, it's been a while since I looked at it, but I distinctly recall that in an environment which wanted full access via NFSv4 or CIFs with the ability to modify permissions from either side it was horrible. In particular, in the mixed mode, it's a legacy application modified the UNIX mode bits rather than using ACLs, the ACL was completely wiped out. and while it was mapping available for users, there was no mapping of UNIX to Windows groups or vice versa. If you were in an environment that only accessed a particular set of files from one operating system, you were probably okay. -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | [EMAIL PROTECTED] California State Polytechnic University | Pomona CA 91768 _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
