IN THIS ARTICLE
Outlines the permissions modes available in Qumulo Core
REQUIREMENTS
- Cluster running Qumulo Core for Native Permissions mode
- Cluster running Qumulo Core 2.11.4 and above for Cross-Protocol Permissions (XPP) mode
- Admin privileges on the Qumulo cluster
TIP! Check out the Cross-Protocol Permissions (XPP) article for an in-depth look at this feature.
DETAILS
With the release of 2.11.4, Qumulo Core supports two permissions modes:
- Cross-Protocol Permissions (XPP)
- Native Permissions
Prior to the introduction of Cross-Protocol Permissions in Qumulo 2.11.4, Qumulo handled mixed protocol permissions by keeping the most recent permissions change to a file or directory. We call this “Native Permissions Mode” (previously referred to as “last chmod wins”). While this behavior is straightforward, it doesn’t solve the problem encountered in mixed-protocol workloads where collaboration can cause POSIX mode bits to unnecessarily replace SMB ACLs, and vice versa.
With 2.11.4 and above, Cross-Protocol Permissions (XPP) mode enables mixed SMB and NFS protocol workflows by preserving SMB ACLs, maintaining permissions inheritance, and reducing application incompatibility related to permissions settings.
If you are not sure whether Merged Permissions v1 is currently enabled on your cluster, please contact Qumulo Care.
Recommended Permissions Mode
Qumulo recommends Cross-Protocol Permissions for most customers, even those without cross-protocol workloads. The feature available in 2.11.4 and above works transparently and automatically.
Reference the table below for an overview of the permissions modes used by Qumulo in various situations:
Set the Permissions Mode
Permissions modes can be set by your Qumulo Professional Services team installing your Qumulo cluster, or manually by you when upgrading Qumulo Core.
To enable Cross-Protocol Permissions on your cluster, run the following command:
qq fs_set_permissions_settings cross_protocol
- Enabling Cross-Protocol Permissions takes effect immediately
- No ‘tree walk’ is required
- Permissions on existing files and directories are not affected unless/until they are modified by your workflow
To disable Cross-Protocol Permissions and use Native Permissions instead, run the following command:
qq fs_set_permissions_settings native
- Changing modes takes effect immediately
- No ‘tree walk’ is required
- Permissions on existing files and directories are not affected unless/until they are modified by your workflow
To verify which permissions mode is currently in effect, run the following command:
qq fs_get_permissions_settings
Permissions modes affect activity across the entire cluster. For example, it is not possible to specify permissions modes on a per-directory basis. Only one mode can be in effect at one time — enabling a new mode will disable the current mode.
NOTE: Cross-Protocol Permissions mode reveals permissions that Native Permissions Mode hides which may trigger security checks from SSH and SSHD. If you use SSH with NFS home directories, check out the Use SSH with Cross-Protocol Permissions (XPP) article on Qumulo Care for details and considerations.
RESOLUTION
You should now have an overall understanding of the different permissions modes available in Qumulo Core
ADDITIONAL RESOURCES
Cross-Protocol Permissions (XPP)
Cross-Protocol Permissions (XPP) in Common Scenarios
Cross-Protocol (XPP) Explain Permissions Tool
Use SSH with Cross-Protocol Permissions (XPP)
Like what you see? Share this article with your network!
Comments
0 comments