I always grant permissions to everybody at the root, then do everything else from windows - I just find it easier. So the command I run is just:
# chmod A=everyone@:full_set:fd:allow pool/filesystem So far after doing that it's working just like a windows server as far as permissions are concerned, which is exactly what I want :) On Sat, Feb 7, 2009 at 5:37 PM, David Dyer-Bennet <[email protected]> wrote: > I'm running Solaris 2008.11, with a zfs pool primarily intended for > sharing via CIFS to Windows and Mac boxes. > > I can access a share from my windows box (using workgroup membership, no > domain, this is at home), but I get rather strange protection results. If > the top directory is mode 700, no ACL, then when I connect as the owning > user, I can list, read, and create files; but files I create end up with > mode 0 and an ACL. I guess this isn't exactly harmful; but it's *weird*. > > The files also seem to be getting set as executable by default. > > Also, does this end up taking up extra metadata space compared to not > having to have an ACL entry for each file? > > I remember from research before that there might be some recommended > mode/ACL setting for the top directory in this kind of situation that > makes for cleaner permissions settings, but I have not been able to Google > my way back to it. Any suggestions? > > Here's what the files are looking like: > > ----------+ 1 ddb other 5 Feb 7 11:13 new.bar > 0:user:ddb:read_data/write_data/append_data/read_xattr/write_xattr > /execute/delete_child/read_attributes/write_attributes/delete > /read_acl/write_acl/write_owner/synchronize:allow > 1:group:2147483648:read_data/write_data/append_data/read_xattr > /write_xattr/execute/delete_child/read_attributes/write_attributes > /delete/read_acl/write_acl/write_owner/synchronize:allow > > > -- > David Dyer-Bennet, [email protected]; http://dd-b.net/ > Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/ > Photos: http://dd-b.net/photography/gallery/ > Dragaera: http://dragaera.info > > _______________________________________________ > cifs-discuss mailing list > [email protected] > http://mail.opensolaris.org/mailman/listinfo/cifs-discuss > _______________________________________________ cifs-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
