The EMC Isilon OneFS operating system has a version of the UNIX change mode (chmod) command which works for both UNIX and Windows style of permissions and can be used when migrating UNIX permissions to Windows NTFS / Active Directory permissions. Rex Consulting has written some custom scripts which will handle this. This process has been proven at a client site where it took about 12 hours to migrate 5,000,000 files in this fashion.

Background: Traditional UNIX permissions are not the same as Windows permissions. UNIX has read, write, and execute permissions for user, group, and everyone. Windows has similar read, write, and execute permissions but instead of being for user, group, and everyone, you can assign a different “ACL” (access control list) for any number of users. Windows is thus more flexible than traditional UNIX permissions, as in UNIX, you cannot give different sets of permissions for different users or groups. Also, there are more types of permissions in Windows than just read, write, and execute.

The client:  A major architectural firm has over 5,000,000 files in two sites which are shared using SAMBA. Needless to say, the files are very important files, detailing architectural designs for all of their clients. The permissions are slightly complex. Each directory and file has UNIX ownership and permissions which grant access to appropriate users and groups. They needed to be migrated from the UNIX systems to a recently purchased EMC Isilon file server, with very little downtime. During the process the users were migrated from the UNIX user database backend (in OpenLDAP) to Windows Active Directory. The customer had detailed specific requirements to map the UNIX file permissions as closely as possible to exactly how they are under UNIX/SAMBA.

The issue: There is no “off-the-shelf” tool which can migrate the permissions en-masse according to their specific requirements.

The solution: Rex Consulting, using the OneFS “chmod” command, wrote a perl script to add Windows ACLs to the files. The files were copied from the UNIX systems to the Isilon using “rsync” and then the script from Rex Consulting updated each file and directory to add appropriate Windows ACLs. The UNIX permission to Windows ACL mappings were devised according to the requirements that were detailed in Rex Consulting’s meetings with the client. Rex Consulting worked with the customer to detail their requirements, to write the custom script, run performance tests to make sure that the migration would happen within a 48 hour window, and to manage the production running of the script.

How this can help you: If you have UNIX permissions to migrate to Windows ACLs, this script can work for you to. Please contact Rex Consulting today to find out how. +1(888)403-8996.

© Copyright 2020 Rex Consulting, Inc. – All rights reserved