[OpenIndiana-discuss] Problems with ZFS ACL vs 'normal' ACL

Robbie Crash sardonic.smiles at gmail.com
Mon Apr 9 18:00:16 UTC 2012


I don't have NFS set up on this box at all, and the only local process I
can think of that would be routinely touching all these directories would
be updatedb, which is run nightly, and ZFS auto-snapshots.

Some of the directories do have netatalk shares configured, but not all.

On Mon, Apr 9, 2012 at 13:54, Gordon Ross <gordon.w.ross at gmail.com> wrote:

> Is there an NFS share of the same directory?  Or any local process
> unpacking files here?
>
> On Mon, Apr 9, 2012 at 1:02 PM, Robbie Crash <sardonic.smiles at gmail.com>
> wrote:
> > Hello,
> >
> > I'm having some issues that are undoubtedly my fault, but that I've been
> > unable to fix.
> >
> > I have several FS shared via SMB, the shares work and the data is
> > available, and I can create new files/directories without issue. However, I
> > cannot edit nor delete files consistently. Usually it works for a few days
> > or a few weeks, then all of a sudden, I cannot rename files/directories or
> > edit existing files. I usually can fix the issue by altering the ZFS ACL
> > using /usr/bin/chmod instead of the default one in /usr/gnu/bin/chmod, and
> > giving full_set and read_set as required. This is really annoying and has
> > to be redone seemingly at random.
> >
> > I've tried setting aclmode and aclinherit to discard, but that hasn't
> > helped at all. Setting to passthrough and reapplying seems to get things
> > working for a while, then back to getting denied.
> >
> > The command I'm running to set the permissions is:
> > $ /usr/bin/chmod A=owner@:full_set:fd:allow,group@:read_set:fd:allow,everyone@:read_set:fd:allow /Data/Dir
> >
> > Which gives me:
> > $ /usr/bin/ls -lV /Data/
> > drwxr--r--+ 25 robbie   staff         25 Jan 14 15:34 Dir
> >                 owner@:rwxpdDaARWcCos:fd----I:allow
> >                 group@:r-----a-R-c--s:fd----I:allow
> >              everyone@:r-----a-R-c--s:fd----I:allow
> >
> > A normal ls just shows whatever was set with /usr/gnu/bin/chmod.
> >
> > Generally speaking if I do /usr/bin/ls before resetting the permissions, I
> > get something along the lines of owner@:rwxpdDaARWcCos:------I:allow, so
> > just the fd bits not set.
> >
> > Logged in locally to the box things work properly. I can rename/move/edit
> > files without issue, it's just over SMB that there's an issue.
> >
> > The pool was originally created under ZFS on Linux running under Ubuntu,
> > exported from there, and imported into OI151. Most of the shares are also
> > configured as netatalk shares for OSX clients. I have not tested to see if
> > OSX users have issues editing files, but I don't care about if they can
> > since none of the OSX users should be able to edit anything on the server.
> > Windows clients are all Windows 7 and are joined to an AD Domain, but are
> > authenticating as local users. SMB is using local account authentication,
> > not AD Integrated.
> >
> > --
> > Seconds to the drop, but it seems like hours.
> >
> > http://www.eff.org/
> > http://creativecommons.org/
> > _______________________________________________
> > OpenIndiana-discuss mailing list
> > OpenIndiana-discuss at openindiana.org
> > http://openindiana.org/mailman/listinfo/openindiana-discuss
>



-- 
Seconds to the drop, but it seems like hours.

http://www.eff.org/
http://creativecommons.org/
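
Added example, not part of the original thread: a small Python check that parses `/usr/bin/ls -lV` output and reports directories whose ACL has drifted from the one set by the chmod command quoted above (wrong permission set, or the `fd` inheritance flags cleared). The function names and the `Dir2` listing are assumptions made for the illustration, and only the first `allow` ACE layout shown in the post is handled.

```python
import re

# Expected ACL from the chmod command in the post: who -> compact permissions.
FULL_SET, READ_SET = "rwxpdDaARWcCos", "r-----a-R-c--s"
EXPECTED = {"owner@": FULL_SET, "group@": READ_SET, "everyone@": READ_SET}
ACE_RE = re.compile(
    r"^\s+(?P<who>\S+):(?P<perms>[a-zA-Z-]{14}):(?P<flags>[a-zA-Z-]{7})"
    r":(?P<type>allow|deny|audit|alarm)\s*$")

def parse_ls_v(text):
    """Return {name: (mode, [(who, perms, flags, type), ...])} from ls -lV output."""
    entries, current = {}, None
    for line in text.splitlines():
        m = ACE_RE.match(line)
        fields = line.split(None, 8)       # 9th field is the name, spaces kept
        if m and current:
            entries[current][1].append(m.group("who", "perms", "flags", "type"))
        elif len(fields) == 9 and not line[0].isspace():
            current = fields[8]
            entries[current] = (fields[0], [])
    return entries

def find_drift(text, expected=EXPECTED):
    """List (name, who, problem) for directories whose ACL differs from expected."""
    findings = []
    for name, (mode, aces) in parse_ls_v(text).items():
        if not mode.startswith("d"):
            continue  # the fd flags are only checked on directories here
        allow = {who: (perms, flags) for who, perms, flags, typ in aces if typ == "allow"}
        for who, want in expected.items():
            perms, flags = allow.get(who, ("", ""))
            if perms != want:
                findings.append((name, who, "permissions: " + (perms or "no allow ACE")))
            elif not {"f", "d"} <= set(flags):
                findings.append((name, who, "fd inheritance missing: " + flags))
    return findings

# Constructed sample: "Dir" is the listing from the post; "Dir2" is a made-up
# directory in the drifted state the post describes (fd bits cleared).
SAMPLE = """\
drwxr--r--+ 25 robbie   staff         25 Jan 14 15:34 Dir
                owner@:rwxpdDaARWcCos:fd----I:allow
                group@:r-----a-R-c--s:fd----I:allow
             everyone@:r-----a-R-c--s:fd----I:allow
drwxr--r--+  3 robbie   staff          3 Jan 14 15:34 Dir2
                owner@:rwxpdDaARWcCos:------I:allow
                group@:r-----a-R-c--s:------I:allow
             everyone@:r-----a-R-c--s:------I:allow
"""
```

Running `find_drift` on saved listings from a nightly job shows when the flags changed, which helps correlate the drift with whatever process touched the directories.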