ZFS properties, see Oracke docs ex http://docs.oracle.com/cd/E19120-01/open.solaris/817-2271/gbaaz/index.html <http://docs.oracle.com/cd/E19120-01/open.solaris/817-2271/gbaaz/index.html>
If you want full permissions on files on an SMB share, you must either connect as user root or as an AD user that is idmapped to Unix root Adding a user to the SMB group administrators is needed for some administration tasks (ex remote computer management) but root permission is the key for any file permission problems. Gea > Am 30.04.2015 um 08:56 schrieb Sebastian Gabler <[email protected]>: > > Am 29.04.2015 um 20:07 schrieb [email protected]: >> Message: 3 >> Date: Tue, 28 Apr 2015 19:22:34 +0200 >> From: G?nther Alka <[email protected]> >> To: omnios-discuss <[email protected]> >> Subject: Re: [OmniOS-discuss] ZFS ACL Solaris CIFS and Windows client >> Message-ID: <[email protected]> >> Content-Type: text/plain; charset=utf-8 >> >> Lets?s begin with ZFS properties >> - aclinhert: passthrough > Thanks. It was on "restricted". I applied the change, but that makes no > difference to my original problem. >> - aclmode: does not matter for CIFS > Thanks. Do you have any sources for that for futher studies? >> >> Next, set idmappings >> - in Workgroup mode: do not set any user mappings (only group mappings) >> - in Domain mode: set domainadmins => root > That's already the case. On that occasion: how would one delegate operator > permissions for ACL assignment to other users. i.e. if I want certain Domain > Users to change ACLs, permissions, and privileges, on shares of the illumos > machine, who are not member of the domain admin group? >> >> Next: join AD Domain (for domain mode) >> >> Next: SMB connect >> - use root (requires a passwd root to generate s SMB password) or >> - use an Domain Admin account (requires the idmapping to root) > I am using the domain admin account. Note: what specifically is not working > is to set ownership on behalf of a different domain user. >> >> Windows version: >> - you need Windows Pro or Windows server (no home edition) > Known. >> >> Now you should be able to set ownership and ACL on files and folders. >> >> If you want to set ACL on shares, you must >> - SMB connect as a user that is a member of the Administrators group >> - use Computer Management on Windows and connect OmniOS > Trying the latter ends up in "access denied". > Maybe there is something broken with the user mapping. (i.e., the domain > admin >root mapping was done, but how do I check if it is in effect, how do I > check if root (who is in my understanding the provider of the permissions to > domain admin, right?) has the required privs? >> >> >> Gea >> >> >>> Am 28.04.2015 um 14:09 schrieb Sebastian Gabler <[email protected]>: >>> >>> Hi, >>> >>> I am a bit stuck in getting my ACL management straight for the CIFS shares >>> I run. What I would like to do is to set all the ACLs from Windows. What >>> does not work right now is to assign ownership to a sharepoint or an object >>> below it to a different user, i.e. to set ownership as the Domain >>> Administrator to a specific user. I get an error message that a "Restore" >>> privilege would be missing, but the error message is unclear if that >>> applies to the current context (Domain Administrator), or the prospective >>> owner. I can set full control for that user, however. >>> Specifically, >>> 1. I am wondering how to get, from my illumos machine, the privileges >>> applicable on an object for a certain user. >>> 2. finding out what is required to take/provide ownership, specifically of >>> a sharepoint, from Windows, (ACLs, idmap, ZFS acl modes and inhertiance >>> modes, etc), and in what hierarchy things apply. >>> I am aware that this may be a FAQ, but I didn't find comprehensive >>> documentation on the matter. The Oracle docs are focussed to explain how >>> things work from the Solaris side, most HowTos that include the Windows >>> side are not deep enough. >>> >>> Thanks for any hints. >>> >>> With best regards, >>> >>> Sebastian >>> _______________________________________________ >>> OmniOS-discuss mailing list >>> [email protected] >>> http://lists.omniti.com/mailman/listinfo/omnios-discuss >> > > _______________________________________________ > OmniOS-discuss mailing list > [email protected] > http://lists.omniti.com/mailman/listinfo/omnios-discuss
_______________________________________________ OmniOS-discuss mailing list [email protected] http://lists.omniti.com/mailman/listinfo/omnios-discuss
