We've done a lot of work in this area in recent builds.
I think there were 6 or 7 CRs in total but some important
ones to look for are:

6899409 Preserve owner@/group@ across SMB

PSARC 2009/683 Reserved uid/gid for distinguishing unmappable
        users/groups in NFSv4 ACLs
6261858 ls(1) -l, getfacl(1), and setfacl(1) can return
        "Permission denied" due to "nobody" and ACLs

PSARC/2010/029 Improved ACL interoperability
6923083 ZFS/NFS/SMB ACL interoperability changes

I think the scenarios below will go away with these updates.


Ryan John wrote:
Hi Dick,

I'm not a developer, just a user, but I had the same problem.
The following recipe worked for me, and I hope it helps.
I'm just cutting/paste from my wiki.

Create the share:
~# zfs create -o casesensitivity=mixed -o nbmand=on pool/tank
~# zfs set aclmode=passthrough pool/tank              # These 2
parameters are needed if you are
~# zfs set aclinherit=passthrough pool/tank           # also going to
share files with NFSv3
~# zfs set sharesmb=on pool/tank
~# zfs set sharesmb=name=tank pool/tank

Change the ACLs:
~# cd /pool/tank
~# chmod A=everyone@:r-----a-R-c--s:-------:allow . # needed for nfs3
mount by root
~# chmod A+group@:rwxp----------:fd-----:allow .
~# chmod A+owner@: rwxp---A-W-Co-:fd-----:allow .
~# chmod A+group:some_group:rwxpd-aARWc--s:fd:allow .
~# chmod A+group:admin_group:rwxpdDaARWcCos:fd:allow .

The first 3 lines will make the trivial ACLs look like (drwxrwxr--)


-----Original Message-----
From: cifs-discuss-boun...@opensolaris.org
[mailto:cifs-discuss-boun...@opensolaris.org] On Behalf Of Dick
Sent: 05 May 2010 22:04
To: cifs-discuss@opensolaris.org
Subject: [cifs-discuss] diff between sharesnb and sharenfs

I have some ZFS datasets that are shared through CIFS/NFS. So I created them with sharenfs/sharesmb options.

I have full access from windows (through cifs) to the datasets, however,

all files and directories are created with (UNIX) permisions of (------)/(d------). So, although I can access the files now from my windows machiens, I can -NOT- access the same files with NFS. I know I gave myself full permissions in the ACL list. That's why sharesmb works I guess. But what do I have to do to make -BOTH- work?

cifs-discuss mailing list

Reply via email to