Re: [cifs-discuss] [nfs-discuss] Why can't we write to files created in multi-protocol se

Wed, 01 Jul 2009 18:18:21 -0700 

How does the ACL for 'f1' look like?

Afshin

John Keiffer wrote:

Well... I may have had an idamp problem before, which I believe I've now 
corrected. This is my current idamp config:

add     "wingroup:Domain [email protected]"      unixgroup:group2
add     winuser:[email protected]      unixuser:enguser
wingroup:Domain [email protected]       ==      gid:2147483650
wingroup:Authenticated Users    ==      gid:2147483651
wingroup:Network        ==      gid:2147483652
wingroup:administrat...@builtin ==      gid:2147483653


I still have some questions regarding access from both CIFS and NFS:

After steping on the file from Linux and vi with the ! I believe it reordered 
the ACL’s like this:

n...@leo-ha2:/$ ls -V ha2/f1/
total 2
----------+  1 enguser  group2         6 Jul  1 14:32 cifs.txt
           group:group2:rwxp----------:-------:deny
              everyone@:r-x--------Co-:-------:deny
           group:group2:-------------s:-------:allow
           user:enguser:rwxpdDaARWcCos:fd-----:allow
              everyone@:------a-R-c--s:-------:allow

Which means that when I try and access it from Windows I can’t, because group2 
has write deny (among other things). If I remove the user ACL and insert it at 
the beginning, I can write again from Windows…

n...@leo-ha2:/$ chmod A3- ha2/f1/cifs.txt
n...@leo-ha2:/$ chmod A0+user:enguser:rwxpdDaARWcCos:fd-----:allow ha2/f1/cifs.txt 
n...@leo-ha2:/$ ls -V ha2/f1/
total 2
----------+  1 enguser  group2         6 Jul  1 14:32 cifs.txt
           user:enguser:rwxpdDaARWcCos:fd-----:allow
           group:group2:rwxp----------:-------:deny
              everyone@:r-x--------Co-:-------:deny
           group:group2:-------------s:-------:allow
              everyone@:------a-R-c--s:-------:allow

Until I ! save it again from Linux, because then the ACLs are changed (such 
that nobody can do much of anything because of the deny lines):

n...@leo-ha2:/$ ls -V ha2/f1/cifs.txt
----------   1 enguser  group2        27 Jul  1 14:48 ha2/f1/cifs.txt
                 owner@:rwxp----------:-------:deny
                 owner@:-------A-W-Co-:-------:allow
                 group@:rwxp----------:-------:deny
                 group@:--------------:-------:allow
              everyone@:rwxp---A-W-Co-:-------:deny
              everyone@:------a-R-c--s:-------:allow

_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss

Reply via email to