When an NFS client creates files by using a Windows Services for UNIX server for NFS, Windows users cannot access the files (920752)

SYMPTOMS

When a Network File System (NFS) client creates files by using a Microsoft Windows Services for UNIX server for NFS, Windows users cannot access the files.

This problem occurs when the following conditions are true:

The NFS client that created the file is connected to the UNIX server anonymously.
The file is created by using a mode that disables other access.

CAUSE

This problem occurs because Server for NFS adds the following access control entries for the files:

Owner
Entry
Group

This behavior corresponds with traditional NFS and UNIX system behavior. The NFS client determines the rights for each access control entry. When Server for NFS creates files anonymously, the access control entry for the owner is NULL SID. The group is Anonymous Logons.

Therefore, if a client requests a file that is created by using a mode that disables other access, only the NULL SID account can access the file. This behavior prevents Windows users from accessing the file or the folder.

WORKAROUND

To work around this issue, use one of the following methods:

Grant read or write permissions to the Everyone group for the files that you create.
Deploy user name mapping to eliminate anonymous access. Make sure that access control entries for the files that you create are meaningful to Windows users.
On UNIX-like operating systems, use the umask(1) command to make sure that the Everyone group has read access.
Set inheritable access control entries on top-level folders. You can then access newly created files and folders without relying on users to give you read and write permissions to specific folders and shares.

For more information about how to set inheritable access control entries for shares that are exported over NFS, click the following article number to view the article in the Microsoft Knowledge Base:
321049 ACE inheritance in Windows Services for UNIX