ACLs Disappear

Question

ACLs Disappear

We've been having this ongoing problem with our Xsan where on certain machines the ACLs will just disappear. The POSIX permissions are still there, but no ACLs.

I usually just do a permission propagation from the Xsan Admin application and that usually fixes it, but sometimes I've had to remove the machine from the SAN and readd it.

We use the AD-OD triangle configuration for logins and sometimes rebinding the computer to the AD fixes it, but I want a more permanent solution so I don't have to keep fixing this for our team.

There's nothing in the logs that look abnormal when it happens. Any ideas or things I should look for that might narrow down what the problem could be?

Our configuration is:
- Xsan 2.2.1
- 10.6.4
- 2 x Intel Xserves MDCs, one of the Xserves is resharing the volume over AFP.
- 4 x Mac Pros running 2.2.1

Thanks,
Jason

Mac Pro, Macbook Pro, et al, Mac OS X (10.6.4)

Posted on Aug 9, 2010 6:48 AM

Reply

Answer 1

Oct 26, 2010 2:25 AM in response to Jason Buckner

Jason,

I think we are having the same issue on our own XSAN (v2.2.1).

On the XServe (10.5) ACLS are active and working. We have 2 OS X clients (10.6 and 10.5) which are losing the ACL information spontaneously. It can work OK for days and then suddenly (it appears) the clients lose ACL information.

Umounting the XSAN volume and removing the client from the XSAN then re-adding the client again usually solves the issue...

This problem is driving us mad. We cannot depend on the XSAN volume at this moment and we are desperately looking for a solution... Anybody have information on how to solve this?

Reply

Answer 2

Dec 1, 2010 1:34 PM in response to abrinkman

I am experiencing the same exact issue. It is very frustrating.

Does anyone have a fix for this?

Reply

Answer 3

Dec 1, 2010 7:43 PM in response to HungSquirrel

We've had the same thing with an Xsan 2.2 under 10.6.x as well. Eventually, we've had to rebuild the Xsan for a number of reasons. In the mean time, I have created and distributed a fix that allows us to work with POSIX permissions and ownership in case ACLs do break:

http://www.mac-tech.net/node/99

Reply

Answer 4

jmyres

Level 1

80 points

Dec 8, 2010 10:39 PM in response to abrinkman

Is the Xserve you refer to an MDC or just a reshare? If it's an MDC make sure it's running a vesion of OS X that's at least the same or a later than your clients.

If any of your machines are a re-sharing the Xsan volume over AFP, make sure all of your users and permissions are being maintained on Open Directory. If you're also using a local directory on your re-share server that users are logging into, you will have conflicting permissions on your Xsan volume, which will caase what you are describing. Also, if you are re-sharing the volume, make sure to turn Native Extended Attributes on.

In my experience Xsan 2.2 and 10.5 do not mix well. However, 10.5 and Xsan 2.1.1 is a very solid combination. If you need to use SNL, 10.6.4 and Xsan 2.2.1 are turning out to be very good as well.

JM

Reply

Answer 5

Dec 9, 2010 1:10 PM in response to jmyres

Just throwing myself into the pile... same issue... acls randomly disappear. I've had to eliminate them and go back to POSIX and a sudoers list.

Reply

Answer 6

Mar 7, 2011 3:55 PM in response to Jason Buckner

we are having the exact same issue and we have a stornext san. so it isnt just xsan.

Reply

Answer 7

RotemD

Level 1

0 points

Mar 27, 2011 10:08 AM in response to swander42

We had the same.
The only solution that worked for us was to disconnect the machine from the server and rejoin it again.

Reply