Owen Davies wrote:
What do the ACLs look like?
The ACL for my music folder, for example, is:
dr-xr-xr-x+246 root root 246 Aug 26 00:16 music
everyone@:r-x---a-R-c--s:fd-----:allow
group:kids:rwxpdDaARWcCos:fd-----:allow
When I went in and edited the /etc/group file so parents were GID 101 and kids
were GID 102, OSOL happlily reported the ACL as:
dr-xr-xr-x+246 root root 246 Aug 26 00:16 music
everyone@:r-x---a-R-c--s:fd-----:allow
group:parents:rwxpdDaARWcCos:fd-----:allow
but Windows continued to report that the kids had permissions.
Did you make the /etc/group change and then immediately look at the files
from Windows?
I am not sure, since I am not as familiar with workgroup mode as I am with
domain mode, but I suspect that the problem may be that the mapping between
the GID and the SID was still cached by idmapd. It might well have fixed
itself when the cache entry expired 10 minutes later. (We really need to
figure out how to have those cache entries flushed when the underlying data
changes, but it is tricky at best to do that without incurring all of the
costs that the cache exists to avoid.)
Having read a bit more I know ZFS stores the full ACL with SID.
Not exactly. If the user or group can be mapped to a UNIX UID or GID, it
is the UID or GID that is stored. The SID is stored when the user or group
cannot be mapped to a UNIX UID or GID.
_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
