Important Tips on NFS (Part 3)

  • Article

Why we are unable to do a persistent mount across logons?

Even using the command below to mount NFS share does not work:

Ø net use W: \\Server\Sharename /persistent:yes

This behavior is by design and due to security enhancement in Windows. NFS mounted drive letters are session specific. There is specific guidance that this is not recommended.

When the system establishes a redirected drive, it is stored on a per-user basis. Only the user himself can manipulate the redirected drive. The system keeps track of redirected drives based on the user's Logon Security Identifier (SID). The Logon SID is a unique identifier for the user's Logon Session. A single user can have multiple, simultaneous logon sessions on the system. All devices including mapped drives are associated with an authentication ID (LUID) - an ID generated for each logon session. (A process running in LocalSystem context can create a device name in the Global device namespace, although local namespace objects can hide global namespace objects.)

We completely understand that this behavior is not at par with Unix style of doing the same thing.

Workarounds:

Please refer to the blogs below to automate the procedure. Well this scenario is not recommended and does not guarantee a sure shot solution.

· https://blogs.technet.com/b/sfu/archive/2010/05/26/accessing-nfs-shares-through-an-application.aspx

· https://blogs.technet.com/b/sfu/archive/2009/11/20/making-nfs-volumes-available-to-users.aspx

 

 

How can I copy the NTFS permission from one folder to another?

Running the ‘icacls’ utility will generate a file called ‘ACLfile’

Suppose we have two folders under C:\ drive: “test and test1”. Using the ‘icacls’ utility, we can copy the NTFS permission from one folder and restore it on another.

To Copy permission of the folder test:

C:\>icacls c:\test /save Aclfile /T

processed file: c:\test

Successfully processed 1 files; Failed processing 0 files

C:\>

Now we need to edit the ACL file and replace the file name test with test1 to restore the permission.

Restore the permission to another folder (test1) under C: drive

C:\>icacls c:\ /restore Aclfile

processed file: c:\test1

Successfully processed 3 files; Failed processing 0 files

C:\>

You can verify the NTFS permission running the cacls command:

C:\> cacls c:\test

c:\test NT AUTHORITY\ANONYMOUS LOGON:(OI)(CI)R

        Everyone:(OI)(CI)R

        NT AUTHORITY\SYSTEM:(OI)(CI)(ID)F

        BUILTIN\Administrators:(OI)(CI)(ID)F

        BUILTIN\Users:(OI)(CI)(ID)R

        BUILTIN\Users:(CI)(ID)(special access:)

                              FILE_APPEND_DATA

        BUILTIN\Users:(CI)(ID)(special access:)

                              FILE_WRITE_DATA

        CREATOR OWNER:(OI)(CI)(IO)(ID)F

C:\>cacls c:\test1

c:\test1 NT AUTHORITY\ANONYMOUS LOGON:(OI)(CI)R

         Everyone:(OI)(CI)R

         NT AUTHORITY\SYSTEM:(OI)(CI)(ID)F

         BUILTIN\Administrators:(OI)(CI)(ID)F

         BUILTIN\Users:(OI)(CI)(ID)R

         BUILTIN\Users:(CI)(ID)(special access:)

                               FILE_APPEND_DATA

         BUILTIN\Users:(CI)(ID)(special access:)

                               FILE_WRITE_DATA

         CREATOR OWNER:(OI)(CI)(IO)(ID)F

C:\>

 

 

What are the basic NFS commands?

1. In case Windows is a NFS server then, we can run the following command:

· showmount –e localhost ( from Windows server) èThis will list the number for NFS share

· rpcinfo –p localhost èThis will list the NFS related services

· nfsshare <sharename> èThis will list the nfs share properties

· cacls < Location of the NFS share> è This will list the NTFS permission on the NFS share

2. Alternately, you can also run the following command from Windows side:

· nfsadmin <server\mapping\client>