HP StoreAll Storage User Manual
Page 116
behavior, the creator of a share must access the root of the share and set the desired ACLs on it
manually (using Windows Explorer or a command line tool such as ICACLS). This process is
somewhat unnatural for Linux administrators, but should be fairly normal for Windows administrators.
Generally, the administrator will need to create a CREATOR/OWNER ACL that is inheritable on
the share directory, and then create an inheritable ACL that controls default access to the files in
the directory tree.
Changing the way SMB inherits permissions on files accessed from Linux applications
To prevent the SMB server from modifying file permissions on directory trees that a user wants to
access from Linux applications (that is, to keep permissions other than 700 on a file in the directory
tree), a user can set the setgid bit in the Linux permissions mask on the directory tree. When the
setgid bit is set, the SMB server honors that bit, and any new files in the directory inherit the
parent directory permission bits and group that created the directory. This maintains group access
for new files created in that directory tree until setgid is turned off in the tree. That is, Linux-style
permissions semantics are kept on the files in that tree, allowing SMB users to modify files in the
directory while NFS users maintain their access through their normal group permissions.
For example, if a user wants all files in a particular tree to be accessible by a set of Linux users
(say, through NFS), the user should set the setgid bit (through local Linux mechanisms) on the
top level directory for a share (in addition to setting the desired group permissions, for example
770). Once that is done, new files in the directory will be accessible to the group that creates the
directory and the permission bits on files in that directory tree will not be modified by the SMB
server. Files that existed in the directory before the setgid bit was set are not affected by the
change in the containing directory; the user must manually set the group and permissions on files
that already existed in the directory tree.
This capability can be used to facilitate cross-protocol sharing of files. Note that this does not affect
the permissions inheritance and settings on the SMB client side. Using this mechanism, a Windows
user can set the files to be inaccessible to the SMB users of the directory tree while opening them
up to the Linux users of the directory tree.
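The local Linux steps described above, as an added example that is not from the HP manual: it audits a share tree for entries that would break group access, then applies the group, setgid and mode 770 to directories and group access to files that already existed. The share path and group are site-specific placeholders; setting setgid on every existing subdirectory and granting group read/write on existing files are assumptions about the desired policy.

```shell
#!/bin/sh
# Added example: audit and repair a share tree for setgid-based group access.
# The share root and group are supplied by the caller (placeholders).

# Print one line per entry that would break group access for Linux/NFS users:
#   wrong-group  entry is not owned by the expected group
#   no-setgid    directory lacks setgid, so new files will not inherit the group
#   dir-perms    directory lacks group rwx
#   file-perms   file lacks group rw
audit_tree() {
    dir=$1 group=$2
    find "$dir" ! -group "$group" -exec printf 'wrong-group %s\n' {} \;
    find "$dir" -type d ! -perm -2000 -exec printf 'no-setgid %s\n' {} \;
    find "$dir" -type d ! -perm -070 -exec printf 'dir-perms %s\n' {} \;
    find "$dir" -type f ! -perm -060 -exec printf 'file-perms %s\n' {} \;
}

# Number of findings; 0 means the tree conforms.
count_findings() {
    audit_tree "$1" "$2" | wc -l | tr -d ' '
}

# Apply the manual's example mode (770) plus setgid to directories, and bring
# pre-existing files into line: setting setgid later does not change them.
fix_tree() {
    dir=$1 group=$2
    chgrp -R "$group" "$dir" || return 1
    find "$dir" -type d -exec chmod 2770 {} + || return 1
    find "$dir" -type f -exec chmod ug+rw,o-rwx {} + || return 1
}

# Stand-alone use (audit only, changes nothing): script.sh <share-root> <group>
if [ "$#" -eq 2 ]; then
    audit_tree "$1" "$2"
fi
```

Run the audit first and review its output before calling `fix_tree`, since the fix removes all access for "other" on existing files.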
Using Robocopy on a data retention-enabled HP-SMB share
If you plan to use Microsoft Robocopy to migrate files to a StoreAll HP-SMB share that has data
retention enabled, you must:
• Disable the HP-SMB AllowPVFSFilemodeChange registry setting on every StoreAll cluster
  node and restart HP-SMB. Disabling this registry setting prevents a file from transitioning to a
  WORM or retained state through HP-SMB. However, it does not inhibit autocommit or the
  ability to transition files to a WORM or retained state using other protocols.
• Disable autocommit if it is enabled.
If you do not perform these steps, some Robocopy operations will not work. Specifically, copies
of all read-only files and, in some cases, zero size files, will transition prematurely to a WORM
state during the copy process and Robocopy will be unable to apply all of the source file's attributes
to complete the copies.
Detailed steps are:
1. On every StoreAll cluster node, run the following commands:
   [root@ibrix01b ~]# /opt/likewise/bin/lwregshell
   \> cd [HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\ibfs]
   HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\ibfs> add_value AllowPVFSFilemodeChange reg_dword 0
   HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\ibfs> exit
2. On the node with the Active Fusion Manager, run the following command to restart HP-SMB:
   [root@ibrix01b ~]# ibrix_server -s -t cifs -c restart
Using SMB