Mailing List Archive

Listing NTFS style ACLs from unix client via NFS
Hello,

Simple question here..

If a qtree is using NTFS style permissions, and that same qtree is exported
via NFS to a unix client...

Is there a way to see the NTFS acl's from that unix client? The usual "ls
-l" just shows what looks like mode 777.

Maybe an open source tool that could be installed on the unix client or
something?


Thanks.
Re: Listing NTFS style ACLs from unix client via NFS [ In reply to ]
Been a while, but what may work...

1. must mount with NFSv4
2. getfacl may be of use here.

The ACLs are stored in a way that sometimes they may properly translate to
UNIX.
I thought I tried this at one point and it looked right. Give it a try on a
test machine.


--tmac

*Tim McCarthy, **Principal Consultant*


On Wed, Apr 13, 2016 at 8:40 AM, John Adams <intheyc@gmail.com> wrote:

> Hello,
>
> Simple question here..
>
> If a qtree is using NTFS style permissions, and that same qtree is
> exported via NFS to a unix client...
>
> Is there a way to see the NTFS acl's from that unix client? The usual "ls
> -l" just shows what looks like mode 777.
>
> Maybe an open source tool that could be installed on the unix client or
> something?
>
>
> Thanks.
>
>
> _______________________________________________
> Toasters mailing list
> Toasters@teaparty.net
> http://www.teaparty.net/mailman/listinfo/toasters
>
>
Re: Listing NTFS style ACLs from unix client via NFS [ In reply to ]
On NFS3, no.

On Wednesday, 13 April 2016, John Adams <intheyc@gmail.com> wrote:

> Hello,
>
> Simple question here..
>
> If a qtree is using NTFS style permissions, and that same qtree is
> exported via NFS to a unix client...
>
> Is there a way to see the NTFS acl's from that unix client? The usual "ls
> -l" just shows what looks like mode 777.
>
> Maybe an open source tool that could be installed on the unix client or
> something?
>
>
> Thanks.
>
>
RE: Listing NTFS style ACLs from unix client via NFS [ In reply to ]
If you are looking to see the “effective” permissions for NFS clients on NTFS style volumes, you need to toggle the option that allows that.

In 7-mode, the option is nfs.ntacl_display_permissive_perms

In cDOT it’s ntacl-display-permissive-perms

http://www.netapp.com/us/media/tr-4067.pdf - page 82<http://www.netapp.com/us/media/tr-4067.pdf%20-%20page%2082>

You can also look at ACLs from the storage.

In 7-mode:
fsecurity show /vol/volname/filepath

In cDOT:
vserver security file-directory show –path /vol/filepath

From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Basil
Sent: Wednesday, April 13, 2016 9:00 AM
To: John Adams
Cc: toasters@teaparty.net
Subject: Re: Listing NTFS style ACLs from unix client via NFS

On NFS3, no.

On Wednesday, 13 April 2016, John Adams <intheyc@gmail.com<mailto:intheyc@gmail.com>> wrote:
Hello,

Simple question here..

If a qtree is using NTFS style permissions, and that same qtree is exported via NFS to a unix client...
Is there a way to see the NTFS acl's from that unix client? The usual "ls -l" just shows what looks like mode 777.
Maybe an open source tool that could be installed on the unix client or something?

Thanks.
RE: Listing NTFS style ACLs from unix client via NFS [ In reply to ]
The Samba suite includes “smbcacls<https://www.samba.org/samba/docs/man/manpages-3/smbcacls.1.html>”, which runs on Unix. It uses the SMB protocol to examine and modify NTFS-style ACLs.

Mark

From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Parisi, Justin
Sent: Wednesday, April 13, 2016 6:40 AM
To: Basil <basilberntsen@gmail.com>; John Adams <intheyc@gmail.com>
Cc: toasters@teaparty.net
Subject: RE: Listing NTFS style ACLs from unix client via NFS

If you are looking to see the “effective” permissions for NFS clients on NTFS style volumes, you need to toggle the option that allows that.

In 7-mode, the option is nfs.ntacl_display_permissive_perms

In cDOT it’s ntacl-display-permissive-perms

http://www.netapp.com/us/media/tr-4067.pdf - page 82<http://www.netapp.com/us/media/tr-4067.pdf%20-%20page%2082>

You can also look at ACLs from the storage.

In 7-mode:
fsecurity show /vol/volname/filepath

In cDOT:
vserver security file-directory show –path /vol/filepath

From: toasters-bounces@teaparty.net<mailto:toasters-bounces@teaparty.net> [mailto:toasters-bounces@teaparty.net] On Behalf Of Basil
Sent: Wednesday, April 13, 2016 9:00 AM
To: John Adams
Cc: toasters@teaparty.net<mailto:toasters@teaparty.net>
Subject: Re: Listing NTFS style ACLs from unix client via NFS

On NFS3, no.

On Wednesday, 13 April 2016, John Adams <intheyc@gmail.com<mailto:intheyc@gmail.com>> wrote:
Hello,

Simple question here..

If a qtree is using NTFS style permissions, and that same qtree is exported via NFS to a unix client...
Is there a way to see the NTFS acl's from that unix client? The usual "ls -l" just shows what looks like mode 777.
Maybe an open source tool that could be installed on the unix client or something?

Thanks.