[cifs-discuss] Another problem with CIFS ACLs and Windows Permissions

David Bryan Wed, 08 Jul 2009 07:54:39 -0700

Alright, like many others who have posted here, I am having problems with the 
ACL issue working with windows. Unfortunately, the answers I've seen here and 
elsewhere don't seem to resolve the problem. It may be that an earlier 
suggestion (telling zfs to ignore the ACLs during setup back in the day) are 
clobbering each other...


All I want to achieve is to be able to read/write from windows (I am using NFS 
to share to my other machines -- these are existing files -- and that all works 
fine) I'm not trying to do anything tricky -- full permissions to all users, 
not per user or anything like that.

The general suggestion is that ACLs need to be set on the root volume. I have a 
zfs pool called Storage, inside is share (a separate zfs file system, so not 
sure that any of the settings to Storage apply down to Storage/share or not). I 
have tried setting the ACLs, as shown in many places. The commands I run are:

# /usr/bin/chmod 
A=owner@:rwxpdDaARWcCos:fd:allow,group@:rwxpdDaARWcCos:fd:allow,everyone@:rwxpdDaARWcCos:fd:allow
 /Storage
# /usr/bin/chmod 
A=owner@:rwxpdDaARWcCos:fd:allow,group@:rwxpdDaARWcCos:fd:allow,everyone@:rwxpdDaARWcCos:fd:allow
 /Storage/share

and also tried:

# /usr/bin/chmod A=user:bryan:rwxpdDaARWcCos:fd:allow /Storage
# /usr/bin/chmod A=user:bryan:rwxpdDaARWcCos:fd:allow /Storage/share

New files created anywhere in the directory end up with no permissions:

# ls -alV savedfromPS.psd 
----------+  1 bryan    share      59292 Jul  8 10:28 savedfromPS.psd
             user:bryan:rwxpdDaARWcCos:-------:allow
       group:2147483648:rwxpdDaARWcCos:-------:allow

It also has the archive bit set, meaning if I create the file, edit it, and try 
to save, I can't do it.

One possible issue here is that, way back, when setting up the system, I 
followed the advice of many online sites that for a NAS, you disable the ACLs:

zfs set aclinherit=discard  Storage
zfs set aclinherit=discard  Storage/share
zfs set aclmode=discard Storage
zfs set aclmode=discard Storage/share

I tried changing that back:

zfs set aclinherit=restricted Storage
zfs set aclmode=groupmask Storage
zfs set aclinherit=restricted Storage/share
zfs set aclmode=groupmask Storage/share

and re-ran the same /usr/bin/chmod commands above, but newly created files over 
CIFS still have the same empty permissions. The current zfs properties are:

# zfs get all Storage/share
NAME           PROPERTY              VALUE                  SOURCE
Storage/share  type                  filesystem             -
Storage/share  creation              Mon Jun 15 22:38 2009  -
Storage/share  used                  688G                   -
Storage/share  available             2.00T                  -
Storage/share  referenced            688G                   -
Storage/share  compressratio         1.00x                  -
Storage/share  mounted               yes                    -
Storage/share  quota                 none                   default
Storage/share  reservation           none                   default
Storage/share  recordsize            128K                   default
Storage/share  mountpoint            /Storage/share         default
Storage/share  sharenfs              on                     local
Storage/share  checksum              on                     default
Storage/share  compression           off                    local
Storage/share  atime                 on                     default
Storage/share  devices               on                     default
Storage/share  exec                  on                     default
Storage/share  setuid                on                     default
Storage/share  readonly              off                    default
Storage/share  zoned                 off                    default
Storage/share  snapdir               hidden                 default
Storage/share  aclmode               groupmask              local
Storage/share  aclinherit            restricted             local
Storage/share  canmount              on                     default
Storage/share  shareiscsi            off                    default
Storage/share  xattr                 on                     default
Storage/share  copies                1                      default
Storage/share  version               3                      -
Storage/share  utf8only              off                    -
Storage/share  normalization         none                   -
Storage/share  casesensitivity       mixed                  -
Storage/share  vscan                 off                    default
Storage/share  nbmand                on                     local
Storage/share  sharesmb              name=share             local
Storage/share  refquota              none                   default
Storage/share  refreservation        none                   default
Storage/share  primarycache          all                    default
Storage/share  secondarycache        all                    default
Storage/share  usedbysnapshots       0                      -
Storage/share  usedbydataset         688G                   -
Storage/share  usedbychildren        0                      -
Storage/share  usedbyrefreservation  0                      -

I know I am treading on frequently covered ground, but the "run the chmod" 
instructions that are given as an answer everywhere simply don't seem to work 
for me. What am I missing here? Am I seeing a legacy problem from having the 
ACLs disabled at some point? Am I improperly mounting the volume from the 
windows side?

Any suggestions appreciated...this is getting frustrating! Thanks very much.

Thanks,

David
-- 
This message posted from opensolaris.org
_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss

[cifs-discuss] Another problem with CIFS ACLs and Windows Permissions

Reply via email to