Kevin, (and others)
Just try a recursive chmod over your filesystem, then I do as Ross
does - fine tune it all in Windows, works a treat.
e.g.
chmod -R A=everyone@:rwxpdDaARWcCos:fd:allow /pool/filesystem
Regards,
---
Cooper Ry Lees
UNIX Evangelist - Information Management Services (IMS)
Australian Nuclear Science and Technology Organisation
T +61 2 9717 3853
F +61 2 9717 9273
M +61 403 739 446
E [EMAIL PROTECTED]
www.ansto.gov.au
On 27/11/2008, at 9:00 AM, Ross Smith wrote:
Yes, I generally replace all the permissions, and just realised my
syntax above was wrong. It should be:
# /usr/bin/chmod A=everyone@:full_set:fd:allow /path
That replaces all the default ACLs with just one for everyone.
Ross
On Wed, Nov 26, 2008 at 9:48 PM, Ian Collins <[EMAIL PROTECTED]> wrote:
Ross Smith wrote:
On Wed, Nov 26, 2008 at 7:24 AM, Kevin Sumner <[EMAIL PROTECTED]> wrote:
Hi,
I have installed OSol from 2008.11rc1 media (immediately updated
to rc2 via pkg) and have created a zpool called 'datapool' on a
500GB drive. I have already moved some data to it, and while in
the process of setting it up as a CIFS/NFS NAS I ran into a problem.
I set up the CIFS server and set it to workgroup mode, using the
article over at the genunix wiki as a guide. I've shared
datapool as sharesmb="name=media". I can authenticate and mount
the media share via CIFS from both my Vista SP1 box and my Ubuntu
8.10 laptop. Once mounted, though, I can see the folders inside
of the share, but I can't view their contents, nor the
permissions on the subdirectories, nor the permissions on the
share itself -- all these operations fail with an "Access is
denied" message on Vista (similar message on Ubuntu). I've tried
mounting with both my local account and root, with no difference
in behavior. I've tried changing the permissions to be less
restrictive and still no change.
To work with this issue, I've set up a test volume called
'datapool/test' similar to how the other volumes were created
(see below) and populated it with a few files:
pfexec zfs create -o casesensitivity=mixed datapool/test
Help getting this rolling would be greatly appreciated. As
requested in other threads, I've attached the output of
cifs-chkcfg, cifs-gendiag, and a snoop during authentication. The 'ls
-V' output is below -- datapool has somewhat strange permissions
due to my previous attempts to fix this myself:
# ls -ldV /datapool /datapool/test
dr-xr-xr-x+ 9 root sysadmin 9 Nov 26 01:54 /datapool
everyone@:r-x---a-R-c--s:-------:allow
group:sysadmin:rwxpdDaARWcCos:fd-----:allow
group:users:r-x---a-R-c--s:fd-----:allow
drwxr-xr-x 4 root root 6 Nov 26 01:56 /datapool/test
owner@:--------------:-------:deny
owner@:rwxp---A-W-Co-:-------:allow
group@:-w-p----------:-------:deny
group@:r-x-----------:-------:allow
everyone@:-w-p---A-W-Co-:-------:deny
everyone@:r-x---a-R-c--s:-------:allow
I don't think this is necessarily a bug, probably configuration
error on my part.
You have deny entries in there which would tend to cause problems in
windows, since there deny entries take precedence over everything
else.
In particular the everyone.... deny entry is likely to cause
problems.
I take a simple approach to security for CIFS, I grant everyone full
permissions on the main folder, and then do my fine tuning from within
windows.
To grant full permissions, run:
# /usr/bin/chmod everyone@:full_set:fd:allow /path
I don't know how to propagate the changes down to sub-folders I'm
afraid, but that will at least set your permissions so that the root
folder can be managed from windows, and from there it's easy to reset
permissions on child objects, and tighten up security to how you want
it.
Those are pretty much vanilla ZFS ACLs. There are always deny entries
created, even when an ACL hasn't been set. For example,
webhost> ls -Vd .
drwxrwxrwx 4 ian staff 12 Nov 27 10:32 .
owner@:--------------:-------:deny
owner@:rwxp---A-W-Co-:-------:allow
group@:--------------:-------:deny
group@:rwxp----------:-------:allow
everyone@:-------A-W-Co-:-------:deny
everyone@:rwxp--a-R-c--s:-------:allow
Do you recommend changing all ZFS ACLs when using CIFS?
--
Ian.
_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
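An added example, not part of the thread or any poster's own tooling: a small Python audit over `ls -V` compact output that lists deny entries which actually deny something and `everyone@` allow entries that grant modify rights, so a blanket `everyone@` ACL can be reviewed before it is tightened. The first two listings are copied from Kevin's message; the `/pool/filesystem` listing is constructed to resemble the result of the `chmod A=everyone@:...:fd:allow` form in the thread, and the function names are hypothetical.

```python
# Added example: audit NFSv4/ZFS ACLs from `ls -V` compact output.
MODIFY_BITS = "wpdDAWCo"  # write, append, delete, delete_child, write attrs/xattrs/ACL/owner

SAMPLE = """\
dr-xr-xr-x+ 9 root sysadmin 9 Nov 26 01:54 /datapool
everyone@:r-x---a-R-c--s:-------:allow
group:sysadmin:rwxpdDaARWcCos:fd-----:allow
group:users:r-x---a-R-c--s:fd-----:allow
drwxr-xr-x 4 root root 6 Nov 26 01:56 /datapool/test
owner@:--------------:-------:deny
owner@:rwxp---A-W-Co-:-------:allow
group@:-w-p----------:-------:deny
group@:r-x-----------:-------:allow
everyone@:-w-p---A-W-Co-:-------:deny
everyone@:r-x---a-R-c--s:-------:allow
drwxrwxrwx+ 2 root root 2 Nov 27 09:00 /pool/filesystem
everyone@:rwxpdDaARWcCos:fd-----:allow
"""  # the last two lines are constructed; the rest is from the thread

def parse_ls_V(text):
    """Return {path: [(who, perms, flags, type), ...]} in ACL order."""
    acls, path = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.endswith((":allow", ":deny")) and path is not None:
            # rsplit keeps "group:sysadmin" together as the principal
            who, perms, flags, kind = line.rsplit(":", 3)
            acls[path].append((who, perms.replace("-", ""), flags.replace("-", ""), kind))
        elif line:
            path = line.split()[-1]      # header line: path is the last field
            acls[path] = []
    return acls

def audit(acls):
    """Flag non-empty deny ACEs and everyone@ allow ACEs with modify bits."""
    findings = []
    for path, aces in acls.items():
        for idx, (who, perms, flags, kind) in enumerate(aces):
            inherits = "f" in flags or "d" in flags   # passed on to new children
            if kind == "deny" and perms:
                findings.append((path, idx, who, kind, perms, inherits))
            elif kind == "allow" and who == "everyone@":
                risky = "".join(c for c in perms if c in MODIFY_BITS)
                if risky:
                    findings.append((path, idx, who, kind, risky, inherits))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_ls_V(SAMPLE)):
        print(finding)
```

Each finding is (path, ACE index, principal, type, permission letters, inheritable); the empty `owner@` deny placeholder is skipped because it denies nothing.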