Qumulo Core Permissions Modes

REQUIREMENTS

Cluster running Qumulo Core for Native Permissions mode
Cluster running Qumulo Core 2.11.4 and above for Cross-Protocol Permissions (XPP) mode
Admin privileges on the Qumulo cluster

TIP! Check out the Cross-Protocol Permissions (XPP) article for an in-depth look at this feature.

DETAILS

With the release of 2.11.4, Qumulo Core supports two permissions modes:

Cross-Protocol Permissions (XPP)
Native Permissions

Prior to the introduction of Cross-Protocol Permissions in Qumulo 2.11.4, Qumulo handled mixed protocol permissions by keeping the most recent permissions change to a file or directory. We call this “Native Permissions Mode” (previously referred to as “last chmod wins”). While this behavior is straightforward, it doesn’t solve the problem encountered in mixed-protocol workloads where collaboration can cause POSIX mode bits to unnecessarily replace SMB ACLs, and vice versa.

With 2.11.4 and above, Cross-Protocol Permissions (XPP) mode enables mixed SMB and NFS protocol workflows by preserving SMB ACLs, maintaining permissions inheritance, and reducing application incompatibility related to permissions settings.

If you are not sure whether Merged Permissions v1 is currently enabled on your cluster, please contact Qumulo Care.

Recommended Permissions Mode

Qumulo recommends Cross-Protocol Permissions for most customers, even those without cross-protocol workloads. The feature available in 2.11.4 and above works transparently and automatically.

Reference the table below for an overview of the permissions modes used by Qumulo in various situations:

Set the Permissions Mode

Permissions modes can be set by your Qumulo Professional Services team installing your Qumulo cluster, or manually by you when upgrading Qumulo Core.

To enable Cross-Protocol Permissions on your cluster, run the following command:

qq fs_set_permissions_settings cross_protocol

Enabling Cross-Protocol Permissions takes effect immediately
No ‘tree walk’ is required
Permissions on existing files and directories are not affected unless/until they are modified by your workflow

To disable Cross-Protocol Permissions and use Native Permissions instead, run the following command:

qq fs_set_permissions_settings native

Changing modes takes effect immediately
No ‘tree walk’ is required
Permissions on existing files and directories are not affected unless/until they are modified by your workflow

To verify which permissions mode is currently in effect, run the following command:

qq fs_get_permissions_settings

Permissions modes affect activity across the entire cluster. For example, it is not possible to specify permissions modes on a per-directory basis. Only one mode can be in effect at one time — enabling a new mode will disable the current mode.

NOTE: Cross-Protocol Permissions mode reveals permissions that Native Permissions Mode hides which may trigger security checks from SSH and SSHD. If you use SSH with NFS home directories, check out the Use SSH with Cross-Protocol Permissions (XPP) article on Qumulo Care for details and considerations.