Home > Storage > PowerScale (Isilon) > Product Documentation > Storage (general) > PowerScale OneFS Permission Repair Job > Multiprotocol permissions overview
For OneFS to support concurrent, multiprotocol data access natively, it maps the POSIX mode bits from NFS to the access control model of the Windows SMB protocol, and conversely. To achieve this step, OneFS provides:
In OneFS, each ACE in a security descriptor is displayed as a single line prefaced by an index number and containing the following properties:
ACE property | Description |
Identity | The identity to which the ACE applies |
Allow or Deny | Whether the ACE allows or denies the permissions listed as part of the ACE |
Permissions | A list of one or more permissions that the ACE allows or denies |
Permissions words | Indication of flags that affect inheritance behavior, if present in the ACE |
The identity can be one of these types:
For example:
-rw-r--r-- 1 root wheel 6 Mar 7 10:05 file1
OWNER: user:root
GROUP: group:wheel
SYNTHETIC ACL
0: user:root allow file_gen_read,file_gen_write,std_write_dac
1: group:wheel allow file_gen_read
2: everyone allow file_gen_read
Directories can also possess two additional special identities:
For example:
drwxrws--- + 1 root wheel 42 Mar 7 10:41 dir1
OWNER: user:root
GROUP: group:wheel
0: group:wheel allow dir_gen_read,dir_gen_execute,add_file,add_subdir,container_inherit
1: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_required
2: creator_owner allow dir_gen_read,dir_gen_write,dir_gen_execute,std_required,object_inherit,container_inherit,inherit_only
3: creator_group allow dir_gen_read,dir_gen_execute,object_inherit,container_inherit,inherit_only
An ACE can optionally contain flags that specify whether it is inherited by subdirectories or files. Inheritance takes place when files and subdirectories are created. Modifying an inherited rule affects only new files and subdirectories, not existing files and subdirectories.
The following flags specify the types of inheritance for permissions in the ACE:
Inheritance type | Description |
Object_inherit | Only files in this directory and its descendants inherit the ACE. |
Container_inherit | Only directories in this directory and its descendants inherit the ACE, |
No_prop_inherit | This ACE does not propagate to descendants (applies to object_inherit and container_inherit ACEs), |
Inherit_only | The ACE does not apply for permissions to this object, but does apply to descendants when inherited, |
Inherited_ace | The ACE was inherited, |
More information about OneFS permissions management is available in the Dell PowerScale OneFS: Authentication, Identity Management, and Authorization white paper.