Celerra NFS/CIFS Mixed Permissions Mode
This is a quick reminder on how to configure a Celerra filesystem for dual NFS/CIFS access where Windows-side permissions would translate correctly to the NFS side. By default, Celerra datamover will mount filesystems in “Native” mode. In this case, a file or folder created by a Windows user via the CIFS share will take on the default Unix permissions on the NFS side: 755 for folders and 644 for files.
This can be a problem when a Unix-side process requires read-write-execute permissions for files and folders created from the Windows side. The solution is to use Celerra’s “Mixed” access policy. Here are the basic steps to configure a new filesystem with CIFS and NFS shares with “Mixed” access policy. In this example we want files and folders created via CIFS to be fully accessible by Everyone, which on the Unix side should translate to permission of “rwxrwxrwx”.
- Create a new filesystem with the default options. In the example below, the filesystem is called “newfs” mounted under “/newfs” on the datamover “server_2” with Native access policy.
- Create a CIFS share. As Windows server/domain administrator, access the share from a Windows server and modify the share to inherit permissions from its root level
- Create an NFS export and mount it on a Unix server.
At this point, you can run a quick test: create a file via CIFS and take a look at the permissions as they appear on the NFS side:
0 -rw-r--r-- 1 32487 32788 0 Sep 17 10:41 test01.txt
As you can see, permissions are NFS-default 644 and the file is owned by the Windows user’s UID/GID that are unknown to the Unix server.
Now we will remount the filesystem on the datamover using “Mixed” access policy:
server_mount server_2 -o rw,accesspolicy=MIXED newfs /newfs
Let’s repeat the test above and create another file via the CIFS share. Now, if you take a look at both test files, you will notice the difference in permissions:
0 -rw-r--r-- 1 32487 32788 0 Sep 17 10:41 test01.txt 0 -rwxrwxrwx 1 32487 32788 0 Sep 17 10:44 test02.txt
Let’s consider a situation where you need to convert permissions on all files and folders in a filesystem that was initially mounted in “Native” access mode but was later remounted in “Mixed” mode. To do this, you can use Celerra’s “translate” option for the nas_fs command:
nas_fs -translate newfs -access_policy start -to MIXED -from NATIVE
Let’s take another look at the two test files we created earlier:
0 -rwxrwxrwx 1 32487 32788 0 Sep 17 10:41 test01.txt 0 -rwxrwxrwx 1 32487 32788 0 Sep 17 10:44 test02.txt
I’d say, we’ve earned our beer.