Daltmansq1

Q: Xsan and ACL permission in OD

We have 2 Xserves running 10.6.6 that are both metadata controllers and are running OD. They are connected to an Xsan ver 2.2.1 and we have 3 Mac Pro clients. Typically the SAN will mount on all the Mac Pros and have complete access to every directory and no restriction.

Now we are trying to add some restrictions to a few directories by using ACL permissions. Via the Server manager we added OD groups to the ACL and then propagated the permissions. Clients like the Mac Pros that mount the SAN via Fibre do not seem to be restricted, and clients that access the SAN shares from AFP over Ethernet also don't seem to be restricted.
The problem seems to be that anyone with an OD account can get to the SAN and into any directory, and we would like to lock things down. Even if that user account is not in the ACL of the root of the SAN, they can still get to all the files and directories.

Can someone tell us what we are doing wrong?

Xserver / XSAN, Mac OS X (10.6.6)

Posted on Mar 8, 2011 6:05 AM

  • by Eric Hemmeter,

    Eric Hemmeter Mar 21, 2011 1:31 PM in response to Daltmansq1
    Level 1 (5 points)
    The first thing to check is that you have removed the default POSIX access of everyone can read.
    Also, all of your clients are bound to OD as well, right? At least for the direct-attached clients, that will be necessary for them to understand the permissions based off OD users.

    Also I believe that you need to unmount and remount the volumes/shares for the permissions change to take effect. The Finder seems to cache permissions.
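
The first check suggested in the reply above can be scripted. This is an added example, not part of the original thread: it lists every item in a tree where the POSIX "everyone" (other) bits still grant access, which is what lets an account that is absent from the ACL through, and then strips those bits. The function names and the sample tree are constructed for illustration; on a real volume, point the functions at the restricted folder.

```shell
#!/bin/sh
# Added example (not from the thread): audit and remove POSIX "everyone" access.

# Print every file/directory under $1 where "other" has read, write or execute.
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of such items, as a bare integer (wc pads its output on some systems).
count_world_accessible() {
    world_accessible "$1" | wc -l | tr -d ' '
}

# Remove all "other" access below $1. Owner, group and ACL entries are untouched,
# so access is then decided by the ACL plus owner/group bits only.
strip_world_access() {
    chmod -R o-rwx "$1"
}

# Demo on a constructed tree standing in for a restricted SAN folder.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/Projects/Restricted"
    touch "$root/Projects/Restricted/edit.mov"
    chmod 755 "$root/Projects" "$root/Projects/Restricted"   # everyone: r-x
    chmod 644 "$root/Projects/Restricted/edit.mov"           # everyone: r--

    echo "world-accessible before: $(count_world_accessible "$root/Projects")"
    world_accessible "$root/Projects"
    strip_world_access "$root/Projects"
    echo "world-accessible after:  $(count_world_accessible "$root/Projects")"
    rm -rf "$root"
}

demo
```

After changing the bits on the real volume, unmount and remount it on the clients, as the reply notes.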