Well... I may have had an idamp problem before, which I believe I've now
corrected. This is my current idamp config:
add "wingroup:Domain Users at matrix.lab" unixgroup:group2
add winuser:enguser at matrix.lab unixuser:enguser
wingroup:Domain Admins at matrix.lab == gid:2147483650
wingroup:Authenticated Users == gid:2147483651
wingroup:Network == gid:2147483652
wingroup:Administrators at BUILTIN == gid:2147483653
I still have some questions regarding access from both CIFS and NFS:
After steping on the file from Linux and vi with the ! I believe it reordered
the ACL?s like this:
nmc at leo-ha2:/$ ls -V ha2/f1/
total 2
----------+ 1 enguser group2 6 Jul 1 14:32 cifs.txt
group:group2:rwxp----------:-------:deny
everyone@:r-x--------Co-:-------:deny
group:group2:-------------s:-------:allow
user:enguser:rwxpdDaARWcCos:fd-----:allow
everyone@:------a-R-c--s:-------:allow
Which means that when I try and access it from Windows I can?t, because group2
has write deny (among other things). If I remove the user ACL and insert it at
the beginning, I can write again from Windows?
nmc at leo-ha2:/$ chmod A3- ha2/f1/cifs.txt
nmc at leo-ha2:/$ chmod A0+user:enguser:rwxpdDaARWcCos:fd-----:allow
ha2/f1/cifs.txt
nmc at leo-ha2:/$ ls -V ha2/f1/
total 2
----------+ 1 enguser group2 6 Jul 1 14:32 cifs.txt
user:enguser:rwxpdDaARWcCos:fd-----:allow
group:group2:rwxp----------:-------:deny
everyone@:r-x--------Co-:-------:deny
group:group2:-------------s:-------:allow
everyone@:------a-R-c--s:-------:allow
Until I ! save it again from Linux, because then the ACLs are changed (such
that nobody can do much of anything because of the deny lines):
nmc at leo-ha2:/$ ls -V ha2/f1/cifs.txt
---------- 1 enguser group2 27 Jul 1 14:48 ha2/f1/cifs.txt
owner@:rwxp----------:-------:deny
owner@:-------A-W-Co-:-------:allow
group@:rwxp----------:-------:deny
group@:--------------:-------:allow
everyone@:rwxp---A-W-Co-:-------:deny
everyone@:------a-R-c--s:-------:allow
--
This message posted from opensolaris.org
