On 11-01-2011 10:29, Ryan Park wrote:
Hello all,
First I like to thank you for the help. Thank you.
I have created smb share on opensolaris 134.
joined windows 2008 active directory and map the share to the system.
I have couple acl access permission problem.
First, when I created the file and change delete permission to deny delete
permission from windows side.
but user still can delete the file.
Second, I have taken the snapshot and restored from windows folder/file
property-->previous version tab
When I delete the file and restores is using different user account.
that account has access to the file.
Please give me light to guide throught this problem
Thank you
Ryan
Hello Ryan
Where are you trying to create your ACL's?
Last time I was in your shoes, I decided to simply create the ACLs in
zfs (are you using zfs?) and they worked like a sharm.
a simple google search on ZFS ACL will take you to
http://blogs.sun.com/marks/entry/zfs_acls where the ZFS's ACL model is
pretty neatly explained. Actually, He explains the NFSv4 acl model but
never noticed any differences and his examples work.
(just remember to change the permissions to the file and, if it's a
directory, to the inheritance)
As for your restore issue, you had the user restore the file from his
Windows machine?
If that is the case, a file that is written by a user will be owned by
that user, Solaris doesn't know (or care) that it's the same restored
file - as he sees it, it isn't.
ACLs to the rescue again, you can simply remove the delete privileges
from that directory (hint: also use inherence so your ACLs spread to sub
dirs and new files) for that user.
Now, forgive me if you know a lot about solaris, I have no way of
knowing that so, if I'm being too basic, forgive me but, since this ACLs
are in ZFS and not in samba, you can simply try them by creating a new
directory with some files inside your zfs pool instead of having a test
share for your users. you know the user name of your samba clients so,
simply by using su - <user> you can test whatever you want without
compromising production.
_______________________________________________
storage-discuss mailing list
storage-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/storage-discuss
