Help on Access > ACL Policy Settings > ACL Policy Settings

The following information and controls appear on Access > ACL Policy Settings > ACL Policy Settings.

Environment

Specifies the environment of the EMC Isilon cluster. The environment you select will automatically select the general and advanced ACL settings that are optimal for the environment selected. Select one of the following values:
  • UNIX only
  • Balanced (default option)
  • Windows only
  • Custom environment

General ACL Settings

ACL Creation Through SMB
Specifies whether to allow ACLs to be created on files that have been accessed by a client connected to the cluster over SMB. Select one of the following values:
  • Do not allow ACLs to be created through SMB
  • Allow ACLs to be created through SMB (default option)
Use the chmod Command On Files With Existing ACLs
Specifies the chmod action that should be taken on files that have an existing ACL. Select one of the following values:
  • Remove the existing ACL and set UNIX permissions instead
  • Remove the existing ACL and create an ACL equivalent to the UNIX permissions
  • Remove the existing ACL and create an ACL equivalent to the UNIX permissions, for all users/groups referenced in the old ACL
  • Merge the new permissions with the existing ACL (default option)
  • Deny permission to modify the ACL
  • Ignore the operation if the file has an existing ACL
ACLs Created On Directories By the chmod Command
Specifies whether ACLs created by chmod should be inheritable. Select one of the following values:
  • Make ACLs inheritable
  • Do not make ACLs inheritable (default option)
Use the chown/chgrp On Files With Existing ACLs
Specifies the chown or chgrp action that should be taken on files that have an existing ACL. Select one of the following values:
  • Modify only the owner and/or group
  • Modify the owner and/or group and ACL permissions (default option)
  • Ignore operation if the file has an existing ACL
Access checks (chmod, chown)
Specifies which users have permission to modify mode or ownership of a file. Select one of the following values:
  • Allow only the file owner to change the mode or owner of the file (UNIX model)
  • Allow the file owner and users with WRITE_DAC and WRITE_OWNER permissions to change the mode or owner of the file (Windows model) (default option)

Advanced ACL Settings

Treatment of 'rwx' permissions
Specifies how the system should treat 'rwx' permissions on a file. Select one of the following values:
  • Retain 'rwx' permissions (default option)
  • Treat 'rwx' permissions as Full Control
Group Owner Inheritance
Specifies how the system should treat ACLs for group owner inheritance. Select one of the following values:
  • When an ACL exists, use Linux and Windows semantics, otherwise use BSD semantics
  • BSD semantics — Inherit group owner from the parent folder
  • Linux and Windows semantics — Inherit group owner from the creator's primary group (default option)
chmod (007) On Files With Existing ACLs
Specifies the chmod action to take on files with an ACL. Select one of the following values:
  • chmod(007) does not remove existing ACL (default option)
  • chmod(007) removes existing ACL and sets 007 UNIX permissions
Approximate Owner Mode Bits When ACL Exists
Specifies which ACE attributes that the system should use as owner mode bits to designate owner permission. Select one of the following values:
  • Approximate owner mode bits using all possible group ACEs in ACL(default option)
  • Approximate owner mode bits using only the ACE with the owner ID
Approximate Group Mode Bits When ACL Exists
Specifies which ACE attributes that the system should use as group mode bits to designate group permission. Select one of the following values:
  • Approximate group mode bits using all possible group ACEs (default option)
  • Approximate group mode bits using only the ACE with the group ID
Synthetic "deny" ACEs
Specifies whether the system should retain or remove "deny" ACEs from ACLs. Select one of the following values:
  • Do not modify synthetic ACLs and mode bit approximations
  • Remove "deny" ACEs from ACLs. This setting can cause ACLs to be more permissive than the equivalent mode bits (default option)
Access Check (utimes)
Specifies which users have permission to modify utimes. Specifies Select one of the following values:
  • Allow only owners to change utimes to client-specific times (Posix compliant) (default option)
  • Allow owners and users with 'write' access to change utimes to client-specific times
Read only DOS Attribute
Specifies whether to deny modification of DOS read-only files over SMB only or over both NFS and SMB. Select one of the following values:
  • Deny permission to modify files with DOS read-only attribute through SMB (default option)
  • Deny permission to modify files with DOS read-only attribute through NFS and SMB
Displayed Mode Bits When ACL Exists
Specifies which method the system should use to display mode bits. Select one of the following values:
  • Use ACL to approximate displayed mode bits (default option)
  • Always display 777 if ACL exists