Isilon's "Run as Root" file attribute for Administrators

 

The Isilon runs its SMB services on top of a Unix-based appliance.

To work around an SMB/Unix filesystem permission problem, they've introduced an attribute called "Run as Root". This is an SMB share permission attribute that's unique to the Isilon.

"Run as Root" is required for a user to change file ownership to another user. It's also required to change the top-level NTFS permissions on a file structure.

The potential downside to "Run as Root" is that files and directories that are created from scratch by a user who has it will show their file ownership as "Root" instead of the AD userid. "Run as Root" also bypasses NTFS permissions that are set for your file structure. So if your audit needs require Share and NTFS permission isolation for your Admins, you will want to be cautious with who it's assigned to.

Since "Run as Root" is mostly just useful during the setup phase of the Isilon, and for running Robocopies, some units have elected to assign it to a service user instead of their -ADM accounts. 

Others have us assign it to their -ADM accounts temporarily in order to get the filesystem set up and file contents copied over, then ask us to remove it. 
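
Once "Run as Root" has been removed after a setup or copy, one way to see what was left owned by "Root" is to walk the tree and summarize root-owned entries per top-level folder. This is an added example, not Isilon tooling or our own scripts; it assumes the share's directory is reachable as a local POSIX path and that "Root" ownership appears there as UID 0, and the function names are hypothetical.

```python
import os
import stat
from collections import defaultdict

ROOT_UID = 0  # assumption: "Root" ownership shows up as UID 0 on the POSIX side


def find_owned_by(tree, uid=ROOT_UID):
    """Yield (path, is_dir, mtime) for every entry under `tree` owned by `uid`."""
    for dirpath, dirnames, filenames in os.walk(tree, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: inspect a link itself, never its target
            except OSError:
                continue  # entry vanished or is unreadable; skip instead of aborting
            if st.st_uid == uid:
                yield path, stat.S_ISDIR(st.st_mode), st.st_mtime


def summarize(tree, uid=ROOT_UID):
    """Group matches by their first path component under `tree`.

    Returns {top_level_name: {"files": n, "dirs": n, "newest": mtime}}.
    Symlinks are counted as files because they are not followed.
    """
    summary = defaultdict(lambda: {"files": 0, "dirs": 0, "newest": 0.0})
    for path, is_dir, mtime in find_owned_by(tree, uid):
        top = os.path.relpath(path, tree).split(os.sep)[0]
        entry = summary[top]
        entry["dirs" if is_dir else "files"] += 1
        entry["newest"] = max(entry["newest"], mtime)
    return dict(summary)


if __name__ == "__main__":
    import sys
    import time

    # Usage: python script.py <path-to-share-directory>
    for top, info in sorted(summarize(sys.argv[1]).items()):
        newest = time.strftime("%Y-%m-%d %H:%M", time.localtime(info["newest"]))
        print(f"{top}: {info['files']} files, {info['dirs']} dirs, newest {newest}")
```

A recent "newest" timestamp on a folder after the attribute was supposedly removed suggests an account that still has it.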

Please let us know which accounts, if any, need to have "Run as Root" enabled. It's not included in Full share permissions by default.