Well, I was going to compile Samba and install a compiled version because of 
all the zfsacl issues I was having. Unfortunately I was running out of time and 
just disabled zfsacl altogether in order to keep going. Samba seems to be doing 
fine using fileio, although these ACLs are really messy/confusing. I must say I 
appreciate the extra functionality but I miss the old ACLs.

One example that came up today making departmental shares.

Let's say I have a share point that is the root folder all Samba users mount, 
called "Corporate". Under that folder I have departmental folders "Department1, 
Department2, etc." Well, I normally set up the Corporate folder allowing Domain 
Users the ability to see all of the departmental folders, but when they access 
a departmental folder they are either permitted or denied based on their 
departmental group membership. Pretty straightforward on POSIX ACL:

chmod 770
Corporate - Domain Users rx
Department1 - department1-group - rwx (Plus a default acl entry for 
inheritance).

Now with NFS4:

chmod 770
Corporate - Domain Users rxcaRs:fdn:allow
Department1 - Domain Users rx:deny
                    - Department1-group wpdDxraRAwW:fd:allow
                    - @owner, @group - Not sure if I am correct on this but I 
set these groups as wpdDxraRAwW:fd:allow so when people create files they 
maintain access to them.

This is confusing because I had to first set up inheritance on the root 
directory in order for the subdirectories to be seen and then explicitly deny 
list on the subdirectories.

Sure, I will post something as soon as I have a minute. I am actually putting 
together a guide for Samba/AD/ZFS configurations on Solaris which contains a 
generic version of my entire config.
 
 
This message posted from opensolaris.org
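
Added example, not part of the original post: a simplified Python model of how NFSv4 ACEs are evaluated top to bottom, applied to the Department1 entries quoted in the message. It assumes department members also belong to Domain Users, uses a simplified who:perms[:flags]:type notation, and ignores owner@/group@/everyone@ matching.

```python
# Simplified NFSv4 ACE evaluation; illustrative model, not ZFS or Samba code.
# Notation 'who:perms[:flags]:type' is a simplification assumed for this example.

def parse_ace(text):
    """Split one ACE into (who, permission letters, flag letters, type)."""
    parts = text.split(":")
    who, perms, ace_type = parts[0], set(parts[1]), parts[-1]
    flags = set(parts[2]) if len(parts) == 4 else set()
    return who, perms, flags, ace_type

def check_access(acl, principals, wanted):
    """Walk the ACEs in order. A matching deny on any still-undecided bit
    refuses the request; matching allows settle bits; leftovers are denied."""
    pending = set(wanted)
    if not pending:
        return True
    for who, perms, flags, ace_type in map(parse_ace, acl):
        # Skip ACEs for other principals and inherit-only ACEs ('i' flag),
        # which affect new children but not the directory itself.
        if who not in principals or "i" in flags:
            continue
        hit = pending & perms
        if ace_type == "deny" and hit:
            return False
        if ace_type == "allow":
            pending -= hit
            if not pending:
                return True
    return False

# Constructed sample data built from the Department1 entries in the message.
DENY_FIRST = ["Domain Users:rx:deny",
              "Department1-group:wpdDxraRAwW:fd:allow"]
ALLOW_FIRST = list(reversed(DENY_FIRST))

MEMBER = {"Domain Users", "Department1-group"}   # assumed group membership
OUTSIDER = {"Domain Users"}

if __name__ == "__main__":
    for name, acl in (("deny first", DENY_FIRST), ("allow first", ALLOW_FIRST)):
        print(name,
              "| member rx:", check_access(acl, MEMBER, "rx"),
              "| outsider rx:", check_access(acl, OUTSIDER, "rx"))
```

In this model the outcome for a department member depends only on which entry comes first, which is the ordering to check with `ls -V` on the real directory.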