Afshin Salek wrote:
> Jerry,
>
> The problem is that none of the ACEs in the parent directory
> are inheritable. As I mentioned before, when you create a file
> or folder from Windows, you'll get Windows inheritance rules not
> Solaris/POSIX rules. In Windows, if a directory's ACL doesn't have any
> inheritable ACEs when a file/folder is created in it, that new object's
> ACL will have two ACEs (as you can see for nsswitch.conf file): one
> for the owner of the object and one for a Windows account called SYSTEM.
>
> If you want the directory's ACL to have true full-control for everyone
> which is also inheritable then you should do this:
>
> chmod A=everyone@:rwxpdDaARWcCos:fd:allow <directory>
>
> the :fd: part means the ACE would be inheritable by both new files and
> folders.

Afshin,

That seems to have sorted my permissions issues. However, I can't help
feeling I don't know enough about this. Where can I learn more?
Basically, here's my situation...
I've got a new storage server with a zpool, /space, containing a load of
content that I've copied over from my previous storage server.
It looks like this:
# ls -al /space
total 418
drwxrwxrwx+ 17 robin other 17 Feb 20 22:51 .
drwxr-xr-x 33 robin other 34 Feb 12 14:34 ..
drwxr-xr-x 3 robin other 3 Nov 17 16:32 backups
drwxr-xr-x 3 robin other 3 Jan 28 19:19 dist
drwxr-xr-x 6 robin other 6 Nov 9 16:29 download
drwxr-xr-x+ 2 robin other 45 Feb 11 19:21 fotos
drwxr-xr-x 5 robin other 5 Nov 12 14:47 migration
drwxr-xr-x 13 robin other 35 Feb 11 12:39 music
drwxr-xr-x 7 robin other 11 Dec 26 21:08 office11
drwxr-xr-x 6 robin other 7 Sep 25 21:34 Old Machines
drwxr-xr-x 7 robin other 7 Sep 21 13:55 photos
drwxr-xr-x+ 2 root root 11 Feb 20 22:51 temp
drwxr-xr-x+ 2 robin other 5 Feb 20 21:43 Test
drwxrwxrwx+ 2 robin other 3 Feb 20 22:38 Test 2
drwxr-xr-x 502 robin other 509 Feb 20 13:55 Torrents
drwxr-xr-x 38 robin other 38 Jan 1 13:48 video
drwxr-xr-x 7 robin other 8 Oct 19 21:11 work
"/space" is shared via CIFS and NFS.
Some of the dirs listed above are separate zfs datasets:
# zfs list -r space
NAME USED AVAIL REFER MOUNTPOINT
space 2.10T 1.46T 163G /space
space/Torrents 245G 1.46T 245G /space/Torrents
space/backups 12.2M 1.46T 12.2M /space/backups
space/download 34.2G 1.46T 34.2G /space/download
space/migration 1.60G 1.46T 1.60G /space/migration
space/music 1.34T 1.46T 1.34T /space/music
space/office11 3.77G 1.46T 3.77G /space/office11
space/photos 1.56G 1.46T 1.56G /space/photos
space/video 322G 1.46T 322G /space/video
space/work 1.92G 1.46T 1.92G /space/work
I've used the command you suggested on the root (/space) dir:
chmod A=everyone@:rwxpdDaARWcCos:fd:allow /space
"fotos" and "Test" were created from Windows before I added the above
ACL to /space. I changed the unix perms manually.
"Test 2" was created from Windows *after* I added the ACL to /space.
"temp" was created from unix *after* I added the ACL to /space.
I guess I'm struggling to work out how to best manage the access perms here.
I want to be able to have the same access from a Linux box over NFS as
from a Windows XP box over CIFS. Mostly, this is just for the "robin"
user, but I have other users that I'd like to grant read-only access to
certain folders.
Looking at the perms on the root of the pool (/space), I can't help
thinking that they're a little permissive:
# ls -vd /space
drwxrwxrwx+ 17 robin other 17 Feb 20 22:51 /space
     0:everyone@:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/read_xattr/write_xattr/execute
         /delete_child/read_attributes/write_attributes/delete/read_acl
         /write_acl/write_owner/synchronize:file_inherit/dir_inherit:allow
Basically, I want the user "robin" to have full access to the whole
/space pool from Windows and over NFS.
All help appreciated.
Thanks,
R.
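
The following is an added example, not part of the original thread: a small Python auditor that expands the compact ACE string used with `chmod A=` above into the verbose names shown by `ls -vd`, then reports the two conditions discussed in the messages (no inheritable ACE, and `everyone@` being allowed to change the ACL or owner). The function names and `TIGHTER_ACL` are constructed for illustration and are not a setting proposed by anyone in the thread.

```python
# Added example: expand Solaris/ZFS compact ACEs and audit an ACL string.
# On directories r/w/p are shown as list_directory/add_file/add_subdirectory.
PERMS = {
    "r": "read_data", "w": "write_data", "x": "execute", "p": "append_data",
    "d": "delete", "D": "delete_child", "a": "read_attributes",
    "A": "write_attributes", "R": "read_xattr", "W": "write_xattr",
    "c": "read_acl", "C": "write_acl", "o": "write_owner", "s": "synchronize",
}
FLAGS = {"f": "file_inherit", "d": "dir_inherit",
         "i": "inherit_only", "n": "no_propagate"}
INHERIT = {"file_inherit", "dir_inherit"}

THREAD_ACL = "everyone@:rwxpdDaARWcCos:fd:allow"            # from the thread
TIGHTER_ACL = ("owner@:rwxpdDaARWcCos:fd:allow,"            # constructed sample
               "everyone@:r-x---a-R-c--s:fd:allow")

def parse_ace(spec):
    """Parse 'who:perms[:flags]:type'; who may be 'user:name' or 'group:name'."""
    parts = spec.split(":")
    n = 2 if parts[0] in ("user", "group") else 1
    who, rest = ":".join(parts[:n]), parts[n:]
    if len(rest) == 2:                  # inheritance flags field omitted
        rest.insert(1, "")
    perms, flags, ace_type = rest
    if ace_type not in ("allow", "deny"):
        raise ValueError("bad ACE type in %r" % spec)
    return {"who": who, "type": ace_type,
            "perms": {PERMS[c] for c in perms if c != "-"},
            "flags": {FLAGS[c] for c in flags if c != "-"}}

def audit(acl):
    """Return a list of findings for a comma-separated ACL string."""
    aces = [parse_ace(s) for s in acl.split(",")]
    findings = []
    if not any(a["flags"] & INHERIT for a in aces):
        findings.append("no inheritable ACE: objects created from Windows "
                        "get only owner and SYSTEM entries")
    for a in aces:
        risky = a["perms"] & {"write_acl", "write_owner"}
        if a["who"] == "everyone@" and a["type"] == "allow" and risky:
            findings.append("everyone@ may " + "/".join(sorted(risky)))
    return findings

if __name__ == "__main__":
    for acl in (THREAD_ACL, TIGHTER_ACL, "owner@:rwxpdDaARWcCos:allow"):
        print(acl, "->", audit(acl) or "no findings")
```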