Setting the ACL on the root directory won't change permissions
on existing files unless you apply the change with -R.
What happens if you do:
# /usr/bin/chmod -R A=everyone@:full_set:fd:allow /Storage/share
> New files created anywhere in the directory end up with no permissions:
>
> # ls -alV savedfromPS.psd
> ----------+ 1 bryan share 59292 Jul 8 10:28 savedfromPS.psd
> user:bryan:rwxpdDaARWcCos:-------:allow
> group:2147483648:rwxpdDaARWcCos:-------:allow
The file has permissions, it's just that they don't appear in the
default ls permission bits output. The ACL will still be applied.
> It also has the archive bit set, meaning if I create the file,
> edit it, and try to save, I can't do it.
The Archive bit should have absolutely no effect on whether or not
you can edit or save files. It's just a flag to indicate that it
has changed since the last backup. If you don't use Windows backup
tools that care about the Archive bit, the value doesn't matter.
> I followed the advice of many online sites that for a NAS,
> you disable the ACLs:
Disable ACLs? That sounds like strange/weird advice.
Is that's a bit like recommending that one should always provide
your back account PIN on request?
Alan
On 07/08/09 07:53, David Bryan wrote:
Alright, like many others who have posted here, I am having problems with the ACL issue working with windows. Unfortunately, the answers I've seen here and elsewhere don't seem to resolve the problem. It may be that an earlier suggestion (telling zfs to ignore the ACLs during setup back in the day) are clobbering each other...
All I want to achieve is to be able to read/write from windows (I am using NFS
to share to my other machines -- these are existing files -- and that all works
fine) I'm not trying to do anything tricky -- full permissions to all users,
not per user or anything like that.
The general suggestion is that ACLs need to be set on the root volume. I have a
zfs pool called Storage, inside is share (a separate zfs file system, so not
sure that any of the settings to Storage apply down to Storage/share or not). I
have tried setting the ACLs, as shown in many places. The commands I run are:
# /usr/bin/chmod
A=owner@:rwxpdDaARWcCos:fd:allow,group@:rwxpdDaARWcCos:fd:allow,everyone@:rwxpdDaARWcCos:fd:allow
/Storage
# /usr/bin/chmod
A=owner@:rwxpdDaARWcCos:fd:allow,group@:rwxpdDaARWcCos:fd:allow,everyone@:rwxpdDaARWcCos:fd:allow
/Storage/share
and also tried:
# /usr/bin/chmod A=user:bryan:rwxpdDaARWcCos:fd:allow /Storage
# /usr/bin/chmod A=user:bryan:rwxpdDaARWcCos:fd:allow /Storage/share
New files created anywhere in the directory end up with no permissions:
# ls -alV savedfromPS.psd
----------+ 1 bryan share 59292 Jul 8 10:28 savedfromPS.psd
user:bryan:rwxpdDaARWcCos:-------:allow
group:2147483648:rwxpdDaARWcCos:-------:allow
It also has the archive bit set, meaning if I create the file, edit it, and try
to save, I can't do it.
One possible issue here is that, way back, when setting up the system, I
followed the advice of many online sites that for a NAS, you disable the ACLs:
zfs set aclinherit=discard Storage
zfs set aclinherit=discard Storage/share
zfs set aclmode=discard Storage
zfs set aclmode=discard Storage/share
I tried changing that back:
zfs set aclinherit=restricted Storage
zfs set aclmode=groupmask Storage
zfs set aclinherit=restricted Storage/share
zfs set aclmode=groupmask Storage/share
and re-ran the same /usr/bin/chmod commands above, but newly created files over
CIFS still have the same empty permissions. The current zfs properties are:
# zfs get all Storage/share
NAME PROPERTY VALUE SOURCE
Storage/share type filesystem -
Storage/share creation Mon Jun 15 22:38 2009 -
Storage/share used 688G -
Storage/share available 2.00T -
Storage/share referenced 688G -
Storage/share compressratio 1.00x -
Storage/share mounted yes -
Storage/share quota none default
Storage/share reservation none default
Storage/share recordsize 128K default
Storage/share mountpoint /Storage/share default
Storage/share sharenfs on local
Storage/share checksum on default
Storage/share compression off local
Storage/share atime on default
Storage/share devices on default
Storage/share exec on default
Storage/share setuid on default
Storage/share readonly off default
Storage/share zoned off default
Storage/share snapdir hidden default
Storage/share aclmode groupmask local
Storage/share aclinherit restricted local
Storage/share canmount on default
Storage/share shareiscsi off default
Storage/share xattr on default
Storage/share copies 1 default
Storage/share version 3 -
Storage/share utf8only off -
Storage/share normalization none -
Storage/share casesensitivity mixed -
Storage/share vscan off default
Storage/share nbmand on local
Storage/share sharesmb name=share local
Storage/share refquota none default
Storage/share refreservation none default
Storage/share primarycache all default
Storage/share secondarycache all default
Storage/share usedbysnapshots 0 -
Storage/share usedbydataset 688G -
Storage/share usedbychildren 0 -
Storage/share usedbyrefreservation 0 -
I know I am treading on frequently covered ground, but the "run the chmod"
instructions that are given as an answer everywhere simply don't seem to work for me.
What am I missing here? Am I seeing a legacy problem from having the ACLs disabled at
some point? Am I improperly mounting the volume from the windows side?
Any suggestions appreciated...this is getting frustrating! Thanks very much.
Thanks,
David
_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
