Restrictchown not working on a Cluster environment

  • Article

Recently we got a case where the customer was trying to enable the Unix client to change the ownership of file and folders on a NFS
share hosted on a cluster resource. We can achieve this by modifying the below registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerForNfs\CurrentVersion\Exports\<No>/Restrictchown ; (where <No> refers to the NFS share no.) assigned to 0 and restart the NFS Service.

 

This works fine on a standalone system. But in a cluster environment this registry key is only available when the resource is online. If
we change the value to 0; the test from UNIX machine shows it is not effective. So, we attempt to take the resource offline and bring it back. This causes the registry to get the default value 1.

 

Also, we tried to fallback to other node (instead of taking it offline); however on the second node this registry is created with the value
of default value of 1.

 

With more research we found that the configuration information for cluster shares are mastered on the cluster resource properties
for the share. They are copied from there to the normal registry just while the share is present on the node and then deleted afterwards.

 

With testing we saw that the Restrictchown properties are displayed under the private properties of the cluster resource.

 

For example:

 

C:\>cluster resource NFS-Resource /privproperties

 

Listing private properties for
'NFS-Resource':

  

T Resource Name Value

--
-------------------- ------------------------------ -----------------------

S NFS-Resource ShareName NFS-Resource

S NFS-Resource Path s:\NFS-Resource

D NFS-Resource ShareSubDirs 0 (0x0)

S NFS-Resource PermissionsV2

D NFS-Resource GlobalPermV2 10 (0xa)

D NFS-Resource AnonymousAccessAllowed 1 (0x1)

L NFS-Resource UnmappedUID -2 (0xfffffffe)

L NFS-Resource UnmappedGID -2 (0xfffffffe)

D NFS-Resource Encoding 7 (0x7)

D NFS-Resource SecurityFlavor 2 (0x2)

D NFS-Resource RestrictChown 0 (0x0)

D NFS-Resource SymbolicLinks 1 (0x1)

D NFS-Resource TruncateNames 0 (0x0)

 

The command below will force the desired behavior:

  • cluster resource <NFS-Resource> /privproperties RestrictChown=0