Permission Tips and FAQs

How do I Limit Access to my SMB Share to a Certain Host?

You can use either of the two SMB share option methods below to limit access to a Samba share based on a host or a network; both methods follow the format defined in hosts_access(5) used by tcp_wrapper.

hosts deny

This option allows you to deny access to a share for a certain host or a network.

Example

To prevent access from all nodes within the network 192.168.1.0/24 and from the node 10.10.10.1 and bad-node.example.com:

> share add smb smb1 /stornext/fs1/smb1 hosts deny = 192.168.1.0/24 10.10.10.1 bad-node.example.com

hosts allow

This option specifies the list of networks or hosts with access to the share. It overrides hosts deny; if you do not define hosts deny, then 0.0.0.0/0 is used.

Example

To limit access to a share, to a network 192.168.2.0/24 and a host 10.10.10.2:

> share add smb smb2 /stornext/fs1/smb2 hosts allow = 192.168.2.0/24 10.10.10.2

Why Can't I Change UNIX Permissions on a Directory from a Mounted Share?

When you issue the mount -t smbfs or mount_smbfs command to mount a directory as an SMB share from an OSX terminal, you cannot change the directory's UNIX permissions.

Resolution

To change a directory's UNIX permissions, do one of the following:

Access the directory from the Appliance Controller, and then change the directory's UNIX permissions.
Mount the directory from a Linux client, and then change the directory's UNIX permissions.

Why Is My Mac Samba Client Failing When I Try To Set UNIX Permissions?

Setting Unix permissions on an OS X Samba client can silently fail under the following circumstances:

The Samba mount is performed under the sysadmin credentials.
Active Directory is not used.
Local Mac credential authentication is used when creating files.

Resolution

Perform the following steps to create files and change permissions, and ensure that the OS X Samba client remains active and operational.

Make sure that the Mac Samba client's user ID matches the Appliance Controller user ID.
Use Active Directory to authenticate access to shares.

GIDs of Users in More Than 16 Groups Are Not Recognized Properly on NFS.

If a user is a member of more than 16 groups, then NFS does not process the group permission of the extra groups.

Resolution

To resolve this issue, execute the command /usr/sbin/rpc.mountd with the option --manage-gids (for additional information, see NFS rpc.mountd Options). Run the command nas rpcmountd options change to update the rpc.mountd option:

Example:

> nas rpcmountd options change --manage-gids

This will disrupt NFS access. Please unmount all NFS clients prior to doing this. Continue (yes/No)? yes

Updating value on local node...

Additional rpc.mountd options are: --manage-gids