I am continuing to have loads of trouble with this system. Some examples:
1. If you do a backup of a PC using xcopy, you'll find that Microsoft's system files are typically marked with multiple ACLs..."Administrator=>full control" and "user=>no rights". Under windows, a user who's an admin can read the entire thing. But after a copy to Solaris, the containing folder is copied solely as "user=>no rights" (with no administrator entry)...the folder becomes basically unwritable and the copy fails. You can't delete the resulting unwritable folder easily, either. 2. If you restore a backup from an existing samba system, Windows users will have quite a bit of difficulty resetting permissions on read-only files. I was only able to fix this reliably by using Nautilus (!) for each user, where the UI is actually quite a bit better, and doesn't randomly fail fixing up read-only bits on large folder structures. Aside from my assertion that nobody on Windows understands ACLs, here's another examples of a failure. If a folder in Windows contains files owned by various groups (but by the same user), Windows will refuse to display the ACL UI entirely, making the only solution a fix on the UNIX side. Also, the command-line chmod syntax is extremely verbose and confusing. Any hope of an easy tool? The only thing that saved me here was the Nautilus ACL UI. 3. Have you looked at Windows APIs for security descriptors? It is no wonder basically no apps except Windows explorer support them. Every app I know about uses SetFileAttributes. Windows gets away with having a complex ACL system that nobody understands by setting very permissive defaults. In effect, users never worry about it, because they can write where they want to. I'm finding many cases where this is not the case on Solaris. It is very easy to set a whole folder as unwritable, and very hard to fix it. I had some hope after using the quite nice Nautilus GUI tools to reset all the Solaris ACLs, but the persistent accidents that occur "you can't write here and it's a big pain to fix it" problems are convincing me mostly to go back to Samba, where I have fewer features, but things basically keep working. Additionally, mapping basic things like "read-only" to "user writable" makes my filesystem moveable to another system via "tar", which is a really nice thing to have. Finally I believe that mapping unix permissions (in particular read-only bits) out to CIFS, but giving users only "set an ACL" as a fix is not symmetric and is confusing. I really think you should consider an alternate, simpler scheme that avoids some of these pitfalls. I know there's a huge investment in getting NFSv4 to work (seriously, it is technically impressive), but the integration with Windows is tough and this one has quite a few sharp edges for a typical multi-platform user. This is really not what Windows users expect. -- This message posted from opensolaris.org _______________________________________________ cifs-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
