Hmm...

From what I can see, it works fine if you grant everyone all permissions, but then starts to fail as you try to lock it down. That means there's one of two things going wrong:

1. The permissions are too restrictive.
2. The Windows groups / users aren't mapping properly to the Solaris ones

What I would do to troubleshoot things is this:

1. Set the standard permissions again, granting everyone full access
2. From Windows create a few folders, and change the permissions on these to what you want from within Windows

You can then look at how working Windows permissions look, and that should let you see where things are going wrong.

I've not actually seen it myself, but my understanding is that if the Windows permissions you set have numbers next to them instead of user or group names, then your user mapping isn't set up correctly.

Give that a try, if nothing else it gives you an easy way to get the permissions you want by just doing it from Windows.

Ross

On Mon, Apr 13, 2009 at 6:48 AM, Mr. Hu Mongous <[email protected]> wrote:
> Ok, further troubleshooting and reading have led me to the problem. I have
> no idea why but zfs restrictive permissioning does not work with Windows
> clients.
>
> If I provide the following to a directory, I have no problems accessing it:
> r...@osbox:~# /usr/bin/chmod -R a=every...@full_set:fd:allow /zstorage/Share/
>
> If I change something more restrictive, I lose my access.
> r...@osbox:~# /usr/bin/chmod -R A=user:soft:read_set:fd:allow /zstorage/Share/
> r...@osbox:~# /usr/bin/chmod -R A+user:soft:write_set:fd:allow /zstorage/Share/
>
> Let's compare the two:
>
> user with full rights -- I can access the share
> r...@osbox:~# /usr/bin/ls -vd /zstorage/Share/
> d---------+ 2 root software 2 Apr 13 17:18 /zstorage/Share/
>      0:user:soft:list_directory/read_data/add_file/write_data
>          /add_subdirectory/append_data/read_xattr/write_xattr/execute
>          /delete_child/read_attributes/write_attributes/delete/read_acl
>          /write_acl/write_owner/synchronize:file_inherit/dir_inherit:allow
>
> user with restrictive permissions -- can't access the share
> r...@osbox:~# /usr/bin/ls -vd /zstorage/Share/
> d---------+ 2 root software 2 Apr 13 17:18 /zstorage/Share/
>      0:user:soft:add_file/write_data/add_subdirectory/append_data/write_xattr
>          /write_attributes:file_inherit/dir_inherit:allow
>      1:user:soft:list_directory/read_data/read_xattr/read_attributes/read_acl
>          :file_inherit/dir_inherit:allow
>
> What I noticed is at the top left side the permissions for rw are not listed
> for the owner nor group nor other.
> If I make the change using the line below,
> I regain access but my zfs permissions go out of whack:
>
> r...@osbox:~# /usr/bin/chmod -R 740 /zstorage/Share/
>
> r...@osbox:~# /usr/bin/ls -vd /zstorage/Share/
> drwxr-----+ 3 soft software 4 Apr 14 01:23 /zstorage/Share/
>      0:user:soft:add_file/write_data/add_subdirectory/append_data/write_xattr
>          /write_attributes:file_inherit/dir_inherit/inherit_only:allow
>      1:user:soft::deny
>      2:user:soft:add_file/write_data/add_subdirectory/append_data/write_xattr
>          /write_attributes:allow
>      3:user:soft:list_directory/read_data/read_xattr/read_attributes/read_acl
>          :file_inherit/dir_inherit/inherit_only:allow
>      4:user:soft::deny
>      5:owner@::deny
>      6:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
>          /append_data/write_xattr/execute/write_attributes/write_acl
>          /write_owner:allow
>      7:group@:add_file/write_data/add_subdirectory/append_data/execute:deny
>      8:group@:list_directory/read_data:allow
>      9:everyone@:list_directory/read_data/add_file/write_data
>          /add_subdirectory/append_data/write_xattr/execute/write_attributes
>          /write_acl/write_owner:deny
>      10:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow
>
> Can someone please explain what's happening here? I'm starting to become a
> little frustrated with these conflicting permissions and the fact that this
> forum is not too active. So much so, that I'm debating to go back to FreeBSD.
>
> Thanks,
>
> Mr. Hu Mongous (a.k.a Fatman)
> --
> This message posted from opensolaris.org
> _______________________________________________
> cifs-discuss mailing list
> [email protected]
> http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
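
An added example, not part of either message: a small parser for the `ls -v` ACL output quoted above that re-joins wrapped entries and lists which rights the working ACL grants `user:soft` that the restrictive one does not. The function names are hypothetical, and as a simplifying assumption it looks only at entries naming the user directly, ignoring `owner@`, `group@` and `everyone@`.

```python
import re

ACE_START = re.compile(r"^\d+:")  # "<index>:" opens each ACE in `ls -v` output

def parse_aces(listing):
    """Return (who, perms, flags, kind) tuples, re-joining wrapped ACE lines."""
    joined = []
    for line in (l.strip() for l in listing.splitlines()):
        if ACE_START.match(line):
            joined.append(line)
        elif joined and line.startswith(("/", ":")):
            joined[-1] += line  # continuation of the previous ACE
    aces = []
    for entry in joined:
        fields = entry.split(":")[1:]            # drop the index
        n = 1 if fields[0].endswith("@") else 2  # owner@ vs user:<name>
        who, rest = ":".join(fields[:n]), fields[n:]
        flags = rest[1] if len(rest) == 3 else ""
        aces.append((who, rest[0], flags, rest[-1]))
    return aces

def effective(listing, who):
    """Permissions explicitly allowed to `who` on the object itself."""
    decided = {}
    for ace_who, perms, flags, kind in parse_aces(listing):
        if ace_who != who or "inherit_only" in flags:
            continue  # inherit_only entries apply to new children only
        for perm in filter(None, perms.split("/")):
            decided.setdefault(perm, kind)  # first matching ACE wins
    return {p for p, k in decided.items() if k == "allow"}

# The two listings quoted in the thread (working, then failing).
FULL = """d---------+ 2 root software 2 Apr 13 17:18 /zstorage/Share/
 0:user:soft:list_directory/read_data/add_file/write_data
     /add_subdirectory/append_data/read_xattr/write_xattr/execute
     /delete_child/read_attributes/write_attributes/delete/read_acl
     /write_acl/write_owner/synchronize:file_inherit/dir_inherit:allow"""
RESTRICTED = """d---------+ 2 root software 2 Apr 13 17:18 /zstorage/Share/
 0:user:soft:add_file/write_data/add_subdirectory/append_data/write_xattr
     /write_attributes:file_inherit/dir_inherit:allow
 1:user:soft:list_directory/read_data/read_xattr/read_attributes/read_acl
     :file_inherit/dir_inherit:allow"""

def missing_rights(who="user:soft"):
    return sorted(effective(FULL, who) - effective(RESTRICTED, who))

if __name__ == "__main__":
    print(missing_rights())
```

The same diff can be run against the ACL of a folder whose permissions were set from Windows, as the reply suggests, to see which rights a working Windows-made ACL carries.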
