Administrator Guide

Change the Owner of an SMB Share Using the FluidFS Cluster Administrator Account
If the FluidFS cluster is not joined to Active Directory, use the Administrator account to change the owner of an SMB share. These
steps might vary slightly depending on which version of Windows you are using.
1. Start the Map network drive wizard.
2. In Folder type: \\<client_VIP_or_name>\<SMB_share_name>
3. Select Connect using different credentials.
4. Click Finish.
5. When prompted, type the Administrator credentials and click OK.
6. Right-click the mapped SMB share (folder) and select Properties. The Properties dialog box appears.
7. Click the Security tab and then click Advanced. The Advanced Security Settings dialog box appears.
8. Click the Owner tab and then click Edit. The Advanced Security Settings dialog box appears.
9. Click Other users or groups. The Select User or Group dialog box appears.
10. Select the domain admin user account that is used to set ACLs for this SMB share or select the Domain Admins group.
Alternatively, the FluidFS cluster Administrator account can be used. Click OK.
11. Ensure that Replace owner on subcontainers and objects is selected and click OK.
12. After the owner is set, unmap the network drive.
13. Remap the network drive as the account that has ownership of it, as previously set in step 10.
14. Click the Permissions tab of the Advanced Security Settings dialog box and follow Microsoft’s best practices to assign ACL
permissions for users and groups to the SMB share.
Managing ACLs or SLPs on an SMB Share
The FluidFS cluster supports two levels of access control to SMB shares, files, and folders:
Access control lists (ACLs): Govern access to specific files and folders. The administrator can control a wide range of
operations that users and groups can perform.
Share-level permissions (SLPs): Govern access to entire shares. The administrator controls only read, change, or full access to
an entire share.
SLPs are limited because they only address full control, modify, and read rights for any given user or group at the SMB share level.
ACLs control many more operations than only read/change/full access. Use the default setting for SLP (authenticated users has full
control) and use ACLs to control access to the SMB share, unless a specific requirement for SLPs cannot be accomplished using
ACLs.
A Windows administrator should follow the best practices defined by Microsoft for ACLs and SLPs.
NOTE: Do not attempt to create an SMB share using MMC. Use MMC only to set SLPs.
Automatic ACL to UNIX Word 777 Mapping
When les with Windows ACLs are displayed from NFS clients, the FluidFS mapping algorithm shows a translated UNIX access
mode. Perfect translation is not possible, so a heuristic is used to translate from the rich Windows ACL to the 9 bits of the UNIX
word. However, when some special SIDs are used inside an ACL (for example, a creator-owner ACE), the mapping can be inaccurate. For
some applications, NFS clients must see the exact mapping or a mapping for more permissive access. Otherwise, the NFS
applications might not perform denied operations.
This release adds an option that causes all objects with SMB ACLs to be presented with UNIX Word 777 from NFS clients (for
display only). This option, which is disabled by default, can be configured under NAS Volume settings.
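The following Python sketch is an added illustration, not FluidFS code: this guide does not describe the actual mapping algorithm, so `acl_to_mode` is a hypothetical heuristic that only shows why nine mode bits cannot carry a Windows ACL and why the 777 presentation changes the display but not enforcement. The names `Ace`, `acl_to_mode`, `effective_rights` and `present_as_777`, the three simplified rights and the sample SIDs are all assumptions made for the example.

```python
from dataclasses import dataclass

R, W, X = 4, 2, 1                        # simplified rights, one per UNIX permission bit
EVERYONE, CREATOR_OWNER = "S-1-1-0", "S-1-3-0"   # well-known SIDs
# Constructed SIDs for the sample: two users, ALICE's primary group, a named group.
ALICE, BOB = "S-1-5-21-1-2-3-1001", "S-1-5-21-1-2-3-1002"
USERS, ENGINEERING = "S-1-5-21-1-2-3-513", "S-1-5-21-1-2-3-2001"

@dataclass
class Ace:
    sid: str
    allow: bool
    rights: int
    inherit_only: bool = False           # applies to children, not to this object

def _walk(acl, matches):
    """Ordered ACE evaluation: an earlier allow or deny wins over a later one."""
    allowed = denied = 0
    for ace in acl:
        if ace.inherit_only or not matches(ace.sid):
            continue
        if ace.allow:
            allowed |= ace.rights & ~denied
        else:
            denied |= ace.rights & ~allowed
    return allowed

def effective_rights(acl, token_sids):
    """Rights the ACL really grants to a user holding these SIDs."""
    return _walk(acl, lambda sid: sid in token_sids)

def acl_to_mode(acl, owner_sid, group_sid, present_as_777=False):
    """Hypothetical 9-bit translation shown to NFS clients (display only)."""
    if present_as_777:
        return 0o777
    # Only owner, owning group and Everyone fit the mode word; other SIDs are dropped.
    owner = _walk(acl, lambda sid: sid in (owner_sid, EVERYONE))
    group = _walk(acl, lambda sid: sid in (group_sid, EVERYONE))
    other = _walk(acl, lambda sid: sid == EVERYONE)
    return owner << 6 | group << 3 | other

# Constructed sample: a folder owned by ALICE, who is a member of ENGINEERING.
SAMPLE_ACL = [Ace(CREATOR_OWNER, True, R | W | X, inherit_only=True),
              Ace(ENGINEERING, True, R | W | X),
              Ace(EVERYONE, True, R | X)]

if __name__ == "__main__":
    print(oct(acl_to_mode(SAMPLE_ACL, ALICE, USERS)))                     # what NFS shows
    print(effective_rights(SAMPLE_ACL, {ALICE, ENGINEERING, EVERYONE}))   # what ALICE has
```

For the sample ACL the heuristic displays 0555 even though ALICE holds read, write and execute through ENGINEERING, so an NFS application that trusts the mode bits would not attempt a write the ACL allows. With `present_as_777` the displayed mode becomes 0777, while BOB's effective rights remain read and execute because the ACL is still what is enforced.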
1. Click the Storage view and select a FluidFS cluster.
2. Click the File System tab.
3. Select a volume and click Edit Settings.
4. In the Edit NAS Volume Settings panel, click Interoperability.
FluidFS NAS Volumes, Shares, and Exports