> It's better to use the group (add, mod etc) and smbadm commands to ensure > consistency.
Ok, didn't think of groupmod as I didn't make these with groupadd. But looking at the man for groupmod it seems pretty straightforward to make existing groups have the GIDs they need to match up with the permissions in the exported pool. I don't see how to use smbadm to do the same thing for the smb groups. Looking at the /var/smb/smbgroup.db I believe the culprit is a field called SID_RID. How can I get that set to the correct value using smbadm? There is: smbadm set -p property=value group but none of the properties are the SID_RID. Would you suggest smbadm rename group to shuffle groups around? I guess this might work if the groups set up already happen to cover all the right GIDs from the exported pool. > Editing the files seems like the workaround. Using chmod seems like an > approrpaite way to reset your ACLs and establish a baseline given the > background here. If there are numerous different permissions set on various files and folders in the exported pool, chasing down each one and chmodding is quite tedious. chmod-R is the wrecking ball; it gets the job done fast but it wipes out anything that was different. The only way to use each ACL in the pool as-is without visiting and recreating every one is to make sure the groups in the rebuilt system have the GIDs/SID_RIDs they used to have. > I don't follow these comments. ZFS won't let you set a null or empty ACL > (regardless of whether that's attempted locally or from Windows) but it will > let you use A= to replace any ACL. You can do most things from Windows or > using chmod, although it can be convenient to use the Windows GUI. Hmm, I thought it wasn't letting me remove the last non-inherited ACE from a file but in trying to write up the steps I took it just let me do exactly that. So scratch that commment. One thing I'm still not sure how to do on the OSOL side is to have inheritable permissions inherit to existing objects. When I set permissions from the Windows side they immediately apply to all child objects. Could I do the same thing on OSOL by recursively touching all files and folders after setting the inheritable permissions? Thanks, Owen Davies -- This message posted from opensolaris.org _______________________________________________ cifs-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
