BookmarkSubscribeRSS Feed
Rean
Calcite | Level 5

Hi,

 

I have SAS which is on Unix but mounted on for Windows so users can see their files and folder as per normal Windows view as opposed to Unix.

 

The problem I keep having is when i set up a folder on Windows and then files put into this directory by a user does not help them get their permissions to use that file in SAS, even though they were the ones who copied it over into the relevant directory via Windows.

 

 

I have set up users in each group and a folder named for them and the aim is they have full right within their designated folders only, so for example:

 

Team: Pricing

Folder: Pricing

Windows permissions: Full rights have been set

UNIX permissions: Full rights have been set.

 

However when SAS needs to import the file or use it, it requires me to keep updating the permissions for the user to use the file.

 

The user ID list is as follows in UNIX:

 

uid=1009802747(RPricing) gid=1009802678(pricing) groups=1009800513(domain users),1009802630(all users),1009802707(resandpri),1009802134(uwusers),1009802149(prianduw),1009802704(users),1009802631(ts users),1009802678(pricing)

SAS does not recognise this user is a member of pricing and therefore should have full rights.

 

When a new file is imported the default permission is set to:

 

d---rwx--- so this would allow all users in the group pricing to use the file but does not work on this occassion.

 

Anybody able to help please as it would be much appreciated.

 

 

Thanks

9 REPLIES 9
Kurt_Bremser
Super User

@Rean wrote:

......

 

When a new file is imported the default permission is set to:

 

d---rwx--- so this would allow all users in the group pricing to use the file but does not work on this occassion.

 

Anybody able to help please as it would be much appreciated.

 

 

Thanks


d---rwx--- cannot be the permissions of a file, as "d" points to a directory.

Setting the owner permissions to none (the first three dashes) will always prevent the owner from accessing their own files/directories, no matter what the other permissions say.

Rean
Calcite | Level 5

Hi,

 

Thanks for the reply.

 

I was wrong the 'd' is not there so it shows as:

 

----rwx--- on any new file imported into the folder.

 

What is the default setting I would need to apply on UNIX to get?

 

-rwxrwx---

 

Also is the limitation SAS only sees the first user group and not the primarty group ID?

Kurt_Bremser
Super User

@Rean wrote:

Hi,

 

Thanks for the reply.

 

I was wrong the 'd' is not there so it shows as:

 

----rwx--- on any new file imported into the folder.

 

What is the default setting I would need to apply on UNIX to get?

 

-rwxrwx---

 

Also is the limitation SAS only sees the first user group and not the primarty group ID?


It's not SAS. On the operating system level, user(owner) permissions take precedence over group and others.

If you're the owner, the system takes the first permissions set and ignores the others; if you're not the owner, but in the group, the system takes the second set and ignores the third; if you're not the owner nor in the group, the third permission set is used.

Rean
Calcite | Level 5

Hi Kurt,

 

Sorry for being slighlty think here, but how would I go about resolving this then.

 

Do i change the umask setting on UNIX, and apply soemthing to the same folder on Windows?

 

 

Thanks

Kurt_Bremser
Super User

It depends on how the network mount (if you use one) is configured. Since Windows does not have the UNIX user/group/others permission concept (as it is still DOS on steroids at heart), there has to be something done by the file sharing software. What protocol are you using (NFS, Samba, ...)?

 

The standard umask mostly comes into play when using file transfer software (ftp, sftp, WinSCP).

Rean
Calcite | Level 5

I am using NFS for the protocola and yes it is through WinSCP when uploading data.

Kurt_Bremser
Super User

WinSCP uses SSH, not NFS. For NFS you would need a Windows NFS client (very rare, usually Samba server is used on UNIX so that the native Windows CIFS/SMB protocol can be used from Windows clients.

NFS preserves permissions across network mounts, as it understands the user/group/others principle.

If you do your uploads with WinSCP, the umask of the user comes into play. If you want your files to be read/writable by user and group, but not by others, set your umask to 007.

SurajChand
Obsidian | Level 7

Hi Rean,

 

Setting the UMask value is the best way to get the solution with such issues but as much i knows UMask value should be 0022 for SAS.

 

Accoording to your statement it seems that you have configured the samba to share the location with windows operating system. you can set the permisson on that particular shared directory by using following command.

 

chmod -R 770 direcory name or mount point

 

For example :-  chmod -R 770 winshare (Where winshare is the mount point which can be access from windows operating system.)

 

All user should be in a group because others don't have the permission

 

 

Best regards

Suraj

rkbright
Obsidian | Level 7

Hi Rean - I have the same setup and I set the permissions in the directory structure, the smb.conf file and in the sasenv_local file. I configured it so everyone within an active directory group can read and write to a directory/sub directory or file without a permissions error. I support a user-base where they primarily work in teams and this configuration has generally worked well. 

 

1. create physical folder structure and add permission bits (this is the folder people will use to share/read/write data)

# sudo mkdir /mnt/shareFolder

# chown -R owner.primaryGroup /mnt/ShareFolder

# chmod -R 2775 /mnt/ShareFolder

* this adds the permission bits to all sub-directories and folders --> drwxrwsr-x 

 

2. create share folder and add permissions to /etc/samba/smb.conf file

[Folder Name]
comment = Folder Name
path = /path/to/physical/folder/location
browseable = yes
write = yes
read only = no
valid users = @group1, @group2, etc...
write list = @group1, @group2, etc...
create mask = 0775
force create mode = 775
create directory mask = 0775
force directory mode = 775
force group = @group

* this sets the permissions when a user creates and interacts with files via a Windows Explorer window

 

3. update /opt/sas/SASHome/SASFoundation/9.4/bin/sasenv_local

add umask 002

* this sets the permissions for when a user writes to a shared folder location from SAS

 

All Done!!

 

Let me know how it goes if you have not already found a solution.

 

Richard

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 9 replies
  • 6551 views
  • 0 likes
  • 4 in conversation