- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- CIFS 1.1 ECO 1 PS006 default file permissions issu...
Operating System - OpenVMS
1753865
Members
7853
Online
108809
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-01-2009 09:44 AM
06-01-2009 09:44 AM
Since upgrading to ECO1 PS006, we are encountering problems successfully
deleting or renaming files on CIFS shares. This is apparently due to PS006 enforcing
permission defaults unenforced by prior patch levels (PS002 specifically).
We would like to be able to create files from the Windows side
of a CIFS share that have the G:D OpenVMS permission enabled.
(Presuming that is the issue).
CIFS 1.1 ECO 1 PS006 release notes mention:
8. Allow ability to correctly set DELETE permission for owner/group/world
protection from Windows.
Alas, it does not mention the "knob" for controlling this behaviour
(presumably as an SMB.CONF parameter).
deleting or renaming files on CIFS shares. This is apparently due to PS006 enforcing
permission defaults unenforced by prior patch levels (PS002 specifically).
We would like to be able to create files from the Windows side
of a CIFS share that have the G:D OpenVMS permission enabled.
(Presuming that is the issue).
CIFS 1.1 ECO 1 PS006 release notes mention:
8. Allow ability to correctly set DELETE permission for owner/group/world
protection from Windows.
Alas, it does not mention the "knob" for controlling this behaviour
(presumably as an SMB.CONF parameter).
Solved! Go to Solution.
1 REPLY 1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-01-2009 10:11 PM
06-01-2009 10:11 PM
Solution
Hi Rodman,
We were running CIFS V1.1 with a few problems but all under control. We then installed ECO1 and it would be difficult to say this was a positive move.
Last week I installed PS006 and most of our problems have been fixed, but we did notice that there were a few issues with file protections.
CIFS engineering reckon that a directory with a DEFAULT_PROTECTION ACE will ensure that files created by Windows clients will get the desired protection, but our experience is that this is not correct. Instead we're using an ACE of the form
(IDENTIFER=*,OPTIONS=DEFAULT,ACCESS=...)
which does what we need. (We used to have them all over the place, but ECO1 couldn't cope with them and we put the DEFAULT_PROTECTION ACEs on instead. Now PS006 doesn't seem to respect *them*!)
They also said we suggested we could use a combination of 'force create mode' and 'force security mode' to ensure created files get the desired protection. This seems to be working well for our [homes] shares.
Note that one of the significant changes introduced in PS006 concerns DELETE access to files. Previously, the 'create mode' setting (and variants thereof) tied DELETE access to the 'WRITE' bit, i.e. if you enable WRITE access you also enabled DELETE access. In PS006 they've separated the two, and you have to specify DELETE access separately. The 'create mode' setting now has this signficance:
create mode = 0dogw
where
'd' = DELETE access (see below)
'o' = OWNER access
'g' = GROUP access
'w' = WORLD access
The DELETE access is a bitmask with the following values:
4 = OWNER can delete
2 = GROUP can delete
1 = WORLD can delete
So if you want (S:RWED,O:RWED,G:R,W:R) you would set
create mode = 04744
We also noticed that sometimes the protection assigned to a file was not quite as intended, and in some cases would 'flip' between two states each time a file was saved. We have since learned that a bug has been discovered in the processing of the mask values, and that this should be fixed in PS007.
Regards,
Jeremy Begg
We were running CIFS V1.1 with a few problems but all under control. We then installed ECO1 and it would be difficult to say this was a positive move.
Last week I installed PS006 and most of our problems have been fixed, but we did notice that there were a few issues with file protections.
CIFS engineering reckon that a directory with a DEFAULT_PROTECTION ACE will ensure that files created by Windows clients will get the desired protection, but our experience is that this is not correct. Instead we're using an ACE of the form
(IDENTIFER=*,OPTIONS=DEFAULT,ACCESS=...)
which does what we need. (We used to have them all over the place, but ECO1 couldn't cope with them and we put the DEFAULT_PROTECTION ACEs on instead. Now PS006 doesn't seem to respect *them*!)
They also said we suggested we could use a combination of 'force create mode' and 'force security mode' to ensure created files get the desired protection. This seems to be working well for our [homes] shares.
Note that one of the significant changes introduced in PS006 concerns DELETE access to files. Previously, the 'create mode' setting (and variants thereof) tied DELETE access to the 'WRITE' bit, i.e. if you enable WRITE access you also enabled DELETE access. In PS006 they've separated the two, and you have to specify DELETE access separately. The 'create mode' setting now has this signficance:
create mode = 0dogw
where
'd' = DELETE access (see below)
'o' = OWNER access
'g' = GROUP access
'w' = WORLD access
The DELETE access is a bitmask with the following values:
4 = OWNER can delete
2 = GROUP can delete
1 = WORLD can delete
So if you want (S:RWED,O:RWED,G:R,W:R) you would set
create mode = 04744
We also noticed that sometimes the protection assigned to a file was not quite as intended, and in some cases would 'flip' between two states each time a file was saved. We have since learned that a bug has been discovered in the processing of the mask values, and that this should be fixed in PS007.
Regards,
Jeremy Begg
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP