This post is more than 5 years old
42 Posts
0
3818
August 22nd, 2017 18:00
File System Folders With No Domain Admin access
On our VNX7500, we found a few NAS file system sub-folders that our Domain Administrator accounts can no longer access.
We believe this is the result of improperly trained local site support techs who manage user and folder permissions.
Am I correct in thinking that I should be able to access these folders via the control station CLI and reset permissions there?
I have found the folder for our NFS Exports under /nas/quota/slot_2/, but I cannot seem to locate the CIFS/SMB shared folders.
I would appreciate any guidance on this procedure, or suggestions for better way to regain this access.
Thank you,
Bryan
No Events found!
bryan_washburn
42 Posts
0
August 23rd, 2017 21:00
Follow up…
For whatever reason, a few file system sub-folders were no longer accessible via anyone or any account. We also could not reset permissions or take ownership. We suspected an admin inadvertently messed up the permissions of the folders, but not positive.
With the assistance of a Linux admin and the root account, we navigated the control station CLI to /nas/quota/slot_2/root_vdm_#/ and to the specific folder(s). Editing permissions here also did not work for regaining access via Windows.
In the CS CLI, we could access the problem folders, so we just created a new parent folder, moved the content to it, deleted the original folder, then renamed the new folder to the original name.
I am not sure if this was the best solution, but it did the trick.
Rainer_EMC
4 Operator
•
8.6K Posts
1
August 23rd, 2017 07:00
Hi Bryan,
changing CIFS owners and CIFS ACLs need to be done from a Windows client - there is no VNX CLI for that.
The usual way in the Windows world is for the Administrator to take ownership and then to adjust the owner and ACLs
Rainer
dynamox
9 Legend
•
20.4K Posts
1
August 23rd, 2017 08:00
emcsetsd does not work on VNX ?
bryan_washburn
42 Posts
0
August 23rd, 2017 20:00
Hi Rainer. Thank you for your reply.
Attempting to take ownership was previously attempted and failed. We had a couple of Windows Administrators attempt every way they could think of to access these folders, with no luck. We are wondering if there was some other problem (corruption?) and not just Domain Admin permissions removed.
We actually found a solution that I will post shortly.
Thank you again,
Bryan
bryan_washburn
42 Posts
0
August 23rd, 2017 20:00
Hi Dynamox. Thank you for your reply.
You overestimate my VNX skills.
I had to research this. It may have worked but it appears to not be installed on our array.
In any case, we did figure out a solution not long after my original post.
Thank you again,
Bryan
maniemc
169 Posts
0
August 24th, 2017 17:00
As Rainer said, taking ownership by an administrator is the correct procedure as "quota" on the CS is not for data manipulation (though it helped here).
I think if you "unjoin" and re "join" the CIFS server (Unisphere) to the Active Directory, it may add the domain admin again to the CIFS Servers local admin group (and allow the domain admins to take ownership/fix the ACLs).
Rainer_EMC
4 Operator
•
8.6K Posts
0
August 25th, 2017 04:00
you could have viewed the permissions and ownership via the server_cifssupport command to check why
Also if you open a service request and get support to dialin they can check via internal diag commands
Rainer_EMC
4 Operator
•
8.6K Posts
0
August 25th, 2017 04:00
sure it works - but its not run on the control station and AFAIR it requires a parameter to be set