[gpfsug-discuss] Mapping GPFS v5 Windows client to same UID...?

IBM Spectrum Scale scale at us.ibm.com
Tue Feb 5 20:09:07 GMT 2019 

Hello Henrik,

What you are seeing has to do with whether UAC (User Access Control) is 
enabled/disabled on Windows.

On Windows 7 and 2012R2 etc, my guess is that you have disabled UAC (since 
that is what GPFS required in the past). When UAC is disabled, the default 
owner of a local file/dir created by a user that is member of 
Administrators group, is set as Administrators (SID = S-1-5-32-544). That 
is mapped to autogenerated-id 15,000,000 in your case. On Windows 10 
(where UAC MUST stay enabled), the behavior changes. When UAC is not 
disabled (and NOT running elevated), the default owner of a local file/dir 
created by a user that is member of Administrators group, is set to that 
user SID. Hence, it is not S-1-5-32-544, rather a unique SID for that 
local user. In absence of AD setup and RFC 2307 mappings, GPFS is 
auto-mapping that user SID to 15,000, 270 in your case. As you see, the 
state of UAC results in different owners.

You simply cannot disable UAC on Windows 10 (and newer versions) since it 
breaks certain OS components! Hence, to get consistent behavior (the 
latter semantics where file owner = user SID), you could enable UAC on 
Windows 7/2012R2 to default (instead of disabling it). GPFS 4.2.3.12 works 
with UAC enabled. Remember though that the old 15,000,000 is on-disk ACL 
structures, hence you will have to explicitly set/change owner to yourself 
(to update to 15,000,270) for existing files. Any new files/dirs though 
should default to 15,000,270.

You could also add an ACL entry for Administrators group or individual 
users granting desired access instead of relying on file ownership for 
access rights.

Regards, The Spectrum Scale (GPFS) team

------------------------------------------------------------------------------------------------------------------
If you feel that your question can benefit other users of  Spectrum Scale 
(GPFS), then please post it to the public IBM developerWroks Forum at 
https://www.ibm.com/developerworks/community/forums/html/forum?id=11111111-0000-0000-0000-000000000479
. 

If your query concerns a potential software error in Spectrum Scale (GPFS) 
and you have an IBM software maintenance contract please contact 
1-800-237-5511 in the United States or your local IBM Service Center in 
other countries. 

The forum is informally monitored as time permits and should not be used 
for priority messages to the Spectrum Scale (GPFS) team.



From:   "Henrik Cednert (Filmlance)" <henrik.cednert at filmlance.se>
To:     gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date:   02/05/2019 11:21 AM
Subject:        [gpfsug-discuss] Mapping GPFS v5 Windows client to same 
UID...?
Sent by:        gpfsug-discuss-bounces at spectrumscale.org



Hello

Odd. Apparently i have issues posting to the list again. Sorry if this 
comes in double. 

I’ve read a bit about this on the net but can’t wrap my tiny little brain 
around it. 

We have a bunch of windows 7 and 2012r2 clients that ran v4 previously. 
After a system/server upgrade of the DDN Mediascaler to 4.2.3.12 we had to 
upgrade those clients to v5 so that they're compatible. In addition to 
that a new v5 windows 10 client was deployed. 

The old windows 7 and 2012r2 clients writes to the system with the same 
UID, 15000000, but unique GID. The new client has its UID set to 12000270 
and an unique GID. This cases all sorts of painful verbal and non verblam 
symptoms. 

Funny thing is that a newly added 2012r2 windows client has UID 15000000, 
so it’s just the windows 10 client that messes with me. All have been 
installed with same installers and same procedures. 

Since all the others can write with same UID this new windows 10 one for 
sure has to be able to do it as well. Or? Can someone please point me in 
the right direction here?

Yes, I know an AD is best practice. But not possible at the moment so I’d 
just like to restore the same functionality that we had before upgrade. 

Cheers and thanks. 

-- 
Henrik Cednert  /  + 46 704 71 89 54  /  CTO  /  Filmlance
Disclaimer, the hideous bs disclaimer at the bottom is forced, sorry. ?\_(
ツ)_/? 

Disclaimer

The information contained in this communication from the sender is 
confidential. It is intended solely for use by the recipient and others 
authorized to receive it. If you are not the recipient, you are hereby 
notified that any disclosure, copying, distribution or taking action in 
relation of the contents of this information is strictly prohibited and 
may be unlawful.
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
https://urldefense.proofpoint.com/v2/url?u=http-3A__gpfsug.org_mailman_listinfo_gpfsug-2Ddiscuss&d=DwICAg&c=jf_iaSHvJObTbx-siA1ZOg&r=IbxtjdkPAM2Sbon4Lbbi4w&m=WEtGqEikAHptrhNUxYjEd8vfm1bPVcbCgEcMH4rp-UM&s=MeyrAfodvNKjIFQuVsfXbLlTAQvTBnUVgvNJqv901RA&e=





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20190205/3c122ed4/attachment-0002.htm>

More information about the gpfsug-discuss mailing list