Hi marks,
Thanks for the reply. However it doesn't provide any help for my issue.
See my additional comments below.
> marks Wrote:
>
> With the latest bits you could have used the new
> full_set alias, such as:
>
> chmod A1=owner@:full_set:fd:allow /test
>
> we also have read_set, write_set and modify_set
This is a nice bit of information, but the way I did this gave the same
results. So it doesn't really help resolve the issue.
> Have you set the zfs aclinherit property to
> passthrough?
>
> With the latest OpenSolaris bits and with aclinherit
> set to passthrough
> you would have created this ACL from Solaris.
>
> $ mkdir dir.1.1
> $ ls -dV dir.1.1
> drwxrws---+ 2 marks staff 2 Sep 27 18:43
> dir.1.1
> owner@:rwxpdDaARWcCos:fdi---I:allow
> owner@:rwxpdDaARWcCos:------I:allow
> group@:rwxpdDaARWcCos:fdi---I:allow
> group@:rwxpdDaARWcCos:------I:allow
>
> It looks like you have an non-updated version of
> OpenSolaris 0508. You
> will need to update your system to get the new
> passthrough behavior that
> went into build 88.
>
> Have you done an pkg image-update of this system?
I have specifically not done a "pkg image-update" on this system because I
tried it once and corrupted the entire system and had to re-install from the
beginning. I just haven't wanted to try and do this again yet.
But with that said, even your example above shows the exact same settings on
the directory where the inheritance bits are; :fdi---I: Which I believe is the
cause of my problem to begin with.
You also must not have noticed at the bottom where I mentioned that I have
tried setting "aclinherit=passthrough" which did not help. It did change some
of the inherited regular properties but did not fix the inheritance properties.
I did not have that set in my example and had just mentioned it at the bottom,
so it's understandable that you would think I missed it.
> Not sure why the CIFS server created the ACL with
> only inherit only
> ACEs. I will leave that for Afshin to explain.
This part is what I really need to understand and get resolved.
====> In order to help anyone trying to follow this thread, here is a
reproducible set of steps showing the problem I am facing. I also included the
"aclinherit=passthrough" to show it doesn't help.
First, starting with no zfs file system call rpool/test I run the following
script to set up the environment:
-bash-3.2$ cat /var/tmp/test-shares
echo "# Creating zfs file system with case=mixed mountpoint=/test and
aclinherit=passthrough"
pfexec zfs create -o case=mixed -o mountpoint=/test -o aclinherit=passthrough
rpool/test
echo "# Sharing out zfs file system as name=test"
pfexec zfs set sharesmb=name=test rpool/test
echo "# Changing owner of /test"
pfexec chown djc:staff /test
echo "# Changing permissions and ACL's of /test"
chmod 770 /test
chmod g+s /test
chmod A1=owner@:rwxpdDaARWcCos:fd:allow /test
chmod A3=group@:rwxpdDaARWcCos:fd:allow /test
echo "# Making a directory /test/unix-dir on the Unix side"
mkdir /test/unix-dir
-bash-3.2$ bash /var/tmp/test-shares
# Creating zfs file system with case=mixed mountpoint=/test and
aclinherit=passthrough
# Sharing out zfs file system as name=test
# Changing owner of /test
# Changing permissions and ACL's of /test
# Making a directory /test/unix-dir on the Unix side
-bash-3.2$
====> At this point I got on my Windows XP SP2 system and mapped the drive T:
to this share point. I then created the XP-dir directory seen below and the
test-* directories and files in each of the two directories (the one created on
the Solaris box and the one created from the XP box). And here is the listing
of this entire area.
-bash-3.2$ ls -Vd /test ; ls -VR /test
drwxrws---+ 4 djc staff 4 Sep 28 09:01 /test
owner@:--------------:-------:deny
owner@:rwxpdDaARWcCos:fd-----:allow
group@:--------------:-------:deny
group@:rwxpdDaARWcCos:fd-----:allow
everyone@:rwxp---A-W-Co-:-------:deny
everyone@:------a-R-c--s:-------:allow
/test:
total 6
drwxrwsr-x+ 3 djc staff 4 Sep 28 09:07 unix-dir
owner@:rwxpdDaARWcCos:fdi---I:allow
owner@:----dDaARWcCos:------I:allow
group@:rwxpdDaARWcCos:fdi---I:allow
group@:----dDaARWcCos:------I:allow
owner@:--------------:-------:deny
owner@:rwxp---A-W-Co-:-------:allow
group@:--------------:-------:deny
group@:rwxp----------:-------:allow
everyone@:-w-p---A-W-Co-:-------:deny
everyone@:r-x---a-R-c--s:-------:allow
drwxrws---+ 3 djc staff 4 Sep 28 09:07 XP-dir
owner@:rwxpdDaARWcCos:fd----I:allow
group@:rwxpdDaARWcCos:fd----I:allow
/test/unix-dir:
total 4
d-----S---+ 2 djc staff 2 Sep 28 09:06 test-dir-problem
owner@:rwxpdDaARWcCos:fdi---I:allow
group@:rwxpdDaARWcCos:fdi---I:allow
-rwxrwx---+ 1 djc staff 0 Sep 28 09:06 test-file-OK.txt
owner@:rwxpdDaARWcCos:------I:allow
group@:rwxpdDaARWcCos:------I:allow
/test/unix-dir/test-dir-problem:
/test/unix-dir/test-dir-problem: Permission denied
total 4
/test/XP-dir:
total 4
drwxrws---+ 2 djc staff 2 Sep 28 09:07 test-dir-OK
owner@:rwxpdDaARWcCos:fd----I:allow
group@:rwxpdDaARWcCos:fd----I:allow
-rwxrwx---+ 1 djc staff 0 Sep 28 09:06 test-file-OK.txt
owner@:rwxpdDaARWcCos:------I:allow
group@:rwxpdDaARWcCos:------I:allow
/test/XP-dir/test-dir-OK:
total 0
-bash-3.2$
====> Specifically, look very closely at the directories
/test/XP-dir/test-dir-OK and /test/unix-dir/test-dir-problem and notice that
the problem one has a permission denied when trying to look at it's contents.
Not to mention the vast difference is the ACLs when you compare them (2 entries
v. 10 entries). Not to mention that on the Solaris permissions I am back to the
000 permission problem that setting all this was supposed to fix.
Thanks,
DJ
--
This message posted from opensolaris.org
_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
