
Cross-Protocol Permissions (XPP)

IN THIS ARTICLE 

Outlines how to utilize Cross-Protocol Permissions (XPP) in Qumulo Core

REQUIREMENTS

  • Cluster running Qumulo Core 2.11.4 and above
  • Admin privileges on the Qumulo cluster

TIP! Want to test out this feature before you enable it on your cluster? Check out the Cross-Protocol Permissions Test Drive site to see it in action.

DETAILS 

Qumulo is a modern, highly scalable file storage system that serves clients over multiple protocols, including Server Message Block (SMB) and Network File System (NFS). SMB and NFS permissions models can interoperate at a basic level, but SMB offers a much richer definition of permissions which is not compatible with NFS. Without a way to manage the differences and intelligently ‘translate’ between the two protocols, undesirable behavior can occur when the same files and directories are accessed from both SMB and NFS.

Cross-Protocol Permissions (XPP) enables mixed SMB and NFS protocol workflows by preserving SMB ACLs, maintaining permissions inheritance, and reducing application incompatibility related to permissions settings.

Cross-Protocol Permissions is designed to operate as follows:

  • Where there is no cross-protocol interaction, Qumulo operates precisely to protocol specifications.
  • When conflicts between protocols arise, Cross-Protocol Permissions works to minimize the likelihood of application incompatibilities.
  • Cross-Protocol Permissions will not break compatibility with previous Qumulo releases.
  • Enabling Cross-Protocol Permissions won’t change rights on existing files on a filesystem. Changes may only happen if files are modified while the mode is enabled.

To see more in-depth details of how we considered the cross-protocol challenges and the new behaviors we introduced in Cross-Protocol Permissions, check out the Cross-Protocol Permissions in Common Scenarios article.

IMPORTANT! If your organization is using Merged Permissions v1, the earlier version of permissions management, you will notice differences in the way Cross-Protocol Permissions manages your file permissions. Cross-Protocol Permissions will replace Merged Permissions v1 and support for Merged Permissions v1 will be ending in a future release of Qumulo Core. If you are not sure whether Merged Permissions v1 is currently enabled on your cluster, please contact Qumulo Care.

Expected Behaviors with Cross-Protocol Permissions

If you have taken a hands-on approach to managing permissions in the past, you will likely want to understand how Cross-Protocol Permissions works at a detailed level.

Reference the table below for expected feature behaviors in common workflows:

[Image: permissions_behaviors.png, table of expected feature behaviors in common workflows]

NOTE: Cross-Protocol Permissions mode reveals permissions that Native Permissions Mode hides, which may trigger security checks from SSH and SSHD. If you use SSH with NFS home directories, check out the Use SSH with Cross-Protocol Permissions article for details and considerations.
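An audit you can run from an NFS client against a home directory after switching modes, added here as an example (not Qumulo code). It assumes the checks the note refers to are OpenSSH's `StrictModes` test in sshd and the ssh client's private-key mode test; the function names and finding labels are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not Qumulo code. Assumption: the SSH/SSHD "security checks"
# are OpenSSH's StrictModes test (server) and private-key mode test (client).

# has_bits PATH BIT... -> succeeds if PATH has any of the given mode bits set.
has_bits() {
    local path=$1 bit
    shift
    for bit in "$@"; do
        [ -n "$(find "$path" -prune -perm "-$bit" -print 2>/dev/null)" ] && return 0
    done
    return 1
}

# audit_ssh_modes HOME_DIR -> prints one finding per line as seen by this
# client; returns 0 when nothing would trip the checks, 1 otherwise.
audit_ssh_modes() {
    local home=$1 findings=0 p
    # sshd StrictModes: the home directory, ~/.ssh and authorized_keys must
    # not be writable by group or others (mode & 022 must be 0).
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if has_bits "$p" 020 002; then
            echo "GROUP_OR_WORLD_WRITABLE $p"
            findings=$((findings + 1))
        fi
    done
    # ssh client: a private key must grant nothing to group or others
    # (mode & 077 must be 0). Public keys (*.pub) are exempt.
    for p in "$home"/.ssh/id_*; do
        [ -f "$p" ] || continue
        case $p in *.pub) continue ;; esac
        if has_bits "$p" 040 020 010 004 002 001; then
            echo "PRIVATE_KEY_TOO_OPEN $p"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Stand-alone use: ./audit.sh /path/to/nfs/home/alice
if [ "$#" -gt 0 ]; then
    audit_ssh_modes "$1"
fi
```

Run it against the same home directory in both modes: a path that is clean under Native Permissions but flagged under Cross-Protocol Permissions is one where the newly visible mode bits would cause SSH to refuse the key or login.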

Enable Cross-Protocol Permissions

To enable Cross-Protocol Permissions on your cluster, run the following command:

qq fs_set_permissions_settings cross_protocol

  • Enabling Cross-Protocol Permissions takes effect immediately
  • No ‘tree walk’ is required
  • Permissions on existing files and directories are not affected unless/until they are modified by your workflow

While existing permissions are not affected until they are modified by your workflow, it is recommended to create a snapshot before enabling Cross-Protocol Permissions in a production environment.

Disable Cross-Protocol Permissions

To disable Cross-Protocol Permissions and use Native Permissions instead, run the following command:

qq fs_set_permissions_settings native

  • Changing modes takes effect immediately
  • No scan of the file tree is required
  • Permissions on existing files and directories are not affected unless/until they are modified by your workflow

Check the Permissions Mode

You can run the following command to check which permissions mode is currently in effect.

qq fs_get_permissions_settings

For additional details on the permissions modes available in 2.11.4 and above, reference the Qumulo Core Permissions Modes article.

Troubleshooting Permissions 

Explain Permissions Tools is a suite of diagnostic utilities available in 2.11.4 and above which can examine a given file or directory, and break down how permissions sets were derived. 

Check out the Cross-Protocol Explain Permissions Tools article for additional details on using this utility with your file permissions.

RESOLUTION 

You should now be able to successfully utilize Cross-Protocol Permissions (XPP) in Qumulo Core.

ADDITIONAL RESOURCES

Cross-Protocol Permissions (XPP) in Common Scenarios

Qumulo Core Permissions Modes

Cross-Protocol (XPP) Explain Permissions Tool

Use SSH with Cross-Protocol Permissions (XPP)

QQ CLI: File System

 
