+ Post New Thread
Results 1 to 6 of 6
Hardware Thread, ABE on Oracle S7000 in Technical; Hi all, I've sent this through to the guys at Cutter but thought I'd try to crowd-source an answer too ...
  1. #1
    Duke's Avatar
    Join Date
    May 2009
    Posts
    1,014
    Thank Post
    300
    Thanked 172 Times in 158 Posts
    Rep Power
    57

    ABE on Oracle S7000

    Hi all,

    I've sent this through to the guys at Cutter but thought I'd try to crowd-source an answer too as we have lots of S7000 users on here...

    Background: I have a CIFS share called ‘resources’, inside this are folders called ‘staff’ and ‘subjects’. Students have read-only access to ‘subjects’ and deny-all access on ‘staff’. The plan is to enable ABE on this share and add another folder called ‘admin’ that students will also have deny-all permissions on. I need this folder and its contents to be invisible unless a user has permissions on it.

    I set up a test share as a proof-of-concept for this and it worked flawlessly, exactly how I expected and wanted it to - i.e. for the folders on which a user doesn't have permissions, or has explicit DENY permissions, the folders aren't visible. However, I’ve just enabled ABE on the ‘resources’ share and expected ‘staff’ to disappear when viewed as a student, but it doesn’t. If I make a new folder in the root of the share on which students have no permissions, they can still see it (even though they get ‘access is denied’ when they try to access it).

    Any ideas what the problem is? There are a lot of files in this share, but I was under the impression ABE would still work for the top-level directories in which there aren’t many folders.

    EDIT: From an Oracle FAQ -

    -CIFS access-based enumeration that permits users to see only those CIFS files to which they have access, allowing users in many-client environments with shallow directory hierarchies to not be overwhelmed with files that they cannot access.
    Is this my problem? Can ABE not still work for the top-level directories?

    Thank in advance,
    Chris
    Last edited by Duke; 22nd November 2010 at 04:27 PM.

  2. #2
    Duke's Avatar
    Join Date
    May 2009
    Posts
    1,014
    Thank Post
    300
    Thanked 172 Times in 158 Posts
    Rep Power
    57
    Can't edit my post so having to reply, but I wanted to put an answer on here in case anyone else gets this.

    Try the following - Restart the CIFS service, go to the share, disable ABE and hit apply, then re-enable ABE and hit apply. Fixed it for me, cheers to Tim J @ Oracle and the guys are Cutter for great support as always.

  3. Thanks to Duke from:

    teejay (26th November 2010)

  4. #3


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,657
    Thank Post
    350
    Thanked 789 Times in 710 Posts
    Rep Power
    344
    Ah no way was that the fix!!!

    Tim's a good guy for sure.

  5. #4
    Duke's Avatar
    Join Date
    May 2009
    Posts
    1,014
    Thank Post
    300
    Thanked 172 Times in 158 Posts
    Rep Power
    57
    Quote Originally Posted by kmount View Post
    Ah no way was that the fix!!!

    Tim's a good guy for sure.
    Weird, huh? I do kinda have to laugh when something that's essentially 'turn it off and on again' works on 80k's worth of hardware...

  6. #5

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,439
    Thank Post
    1,468
    Thanked 1,035 Times in 908 Posts
    Rep Power
    299
    Quote Originally Posted by Duke View Post
    Weird, huh? I do kinda have to laugh when something that's essentially 'turn it off and on again' works on 80k's worth of hardware...
    Sounds a bit like when I had some issues with it reading the permissions on mine, keep restarting many services in varying orders and it should work (and did!)

    Glad to hear you have it working, I've thought about ABE a few times but never been bothered to try it yet. Maybe when I get my 7120 in and start moving stuff onto it I'll give it a go then

  7. #6
    Duke's Avatar
    Join Date
    May 2009
    Posts
    1,014
    Thank Post
    300
    Thanked 172 Times in 158 Posts
    Rep Power
    57
    Quote Originally Posted by john View Post
    Glad to hear you have it working, I've thought about ABE a few times but never been bothered to try it yet. Maybe when I get my 7120 in and start moving stuff onto it I'll give it a go then
    It's actually really nice. In theory it's no more secure than standard Windows ACLs, but I find in a school environment it offers a bit more security-through-obscurity which is always a plus. I find if people can't see the file/folder then there's no temptation to try to get into it.

    There doesn't appear to be any disk or processor overhead from turning it on so no reason not to in a CIFS environment.

  8. Thanks to Duke from:

    john (29th November 2010)

SHARE:
+ Post New Thread

Similar Threads

  1. New Oracle S7000 Hardware
    By apaton in forum Hardware
    Replies: 14
    Last Post: 15th November 2010, 02:24 PM
  2. Oracle S7000 and Backup Exec 2010
    By Duke in forum Hardware
    Replies: 3
    Last Post: 26th October 2010, 08:39 AM
  3. Oracle
    By Hebdenlad in forum Hardware
    Replies: 9
    Last Post: 4th January 2010, 05:50 PM
  4. ABE on Server 2008
    By SteveT in forum Windows Server 2008
    Replies: 3
    Last Post: 26th February 2009, 03:43 PM
  5. Oracle
    By wesleyw in forum Educational Software
    Replies: 2
    Last Post: 31st January 2006, 03:57 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •