This discussion is locked
Jason Buckner

Q: ACLs Disappear

We've been having this ongoing problem with our Xsan where on certain machines the ACLs will just disappear. The POSIX permissions are still there, but no ACLs.

I usually just do a permission propagation from the Xsan Admin application and that usually fixes it, but sometimes I've had to remove the machine from the SAN and readd it.

We use the AD-OD triangle configuration for logins and sometimes rebinding the computer to the AD fixes it, but I want a more permanent solution so I don't have to keep fixing this for our team.

There's nothing in the logs that look abnormal when it happens. Any ideas or things I should look for that might narrow down what the problem could be?

Our configuration is:
- Xsan 2.2.1
- 10.6.4
- 2 x Intel Xserves MDCs, one of the Xserves is resharing the volume over AFP.
- 4 x Mac Pros running 2.2.1

Thanks,
Jason

Mac Pro, Macbook Pro, et al, Mac OS X (10.6.4)

Posted on Aug 9, 2010 6:48 AM

Close

Q: ACLs Disappear

  • All replies
  • Helpful answers

  • by abrinkman,

    abrinkman abrinkman Oct 26, 2010 2:25 AM in response to Jason Buckner
    Level 1 (0 points)
    Oct 26, 2010 2:25 AM in response to Jason Buckner
    Jason,

    I think we are having the same issue on our own XSAN (v2.2.1).

    On the XServe (10.5) ACLS are active and working. We have 2 OS X clients (10.6 and 10.5) which are losing the ACL information spontaneously. It can work OK for days and then suddenly (it appears) the clients lose ACL information.

    Umounting the XSAN volume and removing the client from the XSAN then re-adding the client again usually solves the issue...

    This problem is driving us mad. We cannot depend on the XSAN volume at this moment and we are desperately looking for a solution... Anybody have information on how to solve this?
  • by HungSquirrel,

    HungSquirrel HungSquirrel Dec 1, 2010 1:34 PM in response to abrinkman
    Level 1 (0 points)
    Dec 1, 2010 1:34 PM in response to abrinkman
    I am experiencing the same exact issue. It is very frustrating.

    Does anyone have a fix for this?
  • by Florian Feuser,

    Florian Feuser Florian Feuser Dec 1, 2010 7:43 PM in response to HungSquirrel
    Level 1 (15 points)
    Dec 1, 2010 7:43 PM in response to HungSquirrel
    We've had the same thing with an Xsan 2.2 under 10.6.x as well. Eventually, we've had to rebuild the Xsan for a number of reasons. In the mean time, I have created and distributed a fix that allows us to work with POSIX permissions and ownership in case ACLs do break:

    http://www.mac-tech.net/node/99
  • by jmyres,

    jmyres jmyres Dec 8, 2010 10:39 PM in response to abrinkman
    Level 1 (80 points)
    Dec 8, 2010 10:39 PM in response to abrinkman
    Is the Xserve you refer to an MDC or just a reshare? If it's an MDC make sure it's running a vesion of OS X that's at least the same or a later than your clients.

    If any of your machines are a re-sharing the Xsan volume over AFP, make sure all of your users and permissions are being maintained on Open Directory. If you're also using a local directory on your re-share server that users are logging into, you will have conflicting permissions on your Xsan volume, which will caase what you are describing. Also, if you are re-sharing the volume, make sure to turn Native Extended Attributes on.

    In my experience Xsan 2.2 and 10.5 do not mix well. However, 10.5 and Xsan 2.1.1 is a very solid combination. If you need to use SNL, 10.6.4 and Xsan 2.2.1 are turning out to be very good as well.

    JM
  • by David Moody,

    David Moody David Moody Dec 9, 2010 1:10 PM in response to jmyres
    Level 1 (15 points)
    Dec 9, 2010 1:10 PM in response to jmyres
    Just throwing myself into the pile... same issue... acls randomly disappear. I've had to eliminate them and go back to POSIX and a sudoers list.
  • by swander42,

    swander42 swander42 Mar 7, 2011 3:55 PM in response to Jason Buckner
    Level 1 (0 points)
    Mar 7, 2011 3:55 PM in response to Jason Buckner
    we are having the exact same issue and we have a stornext san. so it isnt just xsan.
  • by RotemD,

    RotemD RotemD Mar 27, 2011 10:08 AM in response to swander42
    Level 1 (0 points)
    Mar 27, 2011 10:08 AM in response to swander42
    We had the same.
    The only solution that worked for us was to disconnect the machine from the server and rejoin it again.