[OpenIndiana-discuss] problems with permissions on smb share

Robbie Crash sardonic.smiles at gmail.com
Mon Jun 4 05:06:35 UTC 2012 

I see two problems,

The first is that you've got your ACL's set to not propagate to
files/directories:

This:
 user:oi:rwxpdDaARWcCos:-------:allow
Means that the owner has full access to that file, but not to child
directories, or to child files according to the ZFS ACL. In order to get
things to actually pass on to child objects, the directory needs to have
the f bit set for files, and the d bit set for directories:
$ /usr/bin/chmod -R A=owner@:full_set:fd:allow,<GROUP/EVERYONE>
/PATH/YOU/ARE/CHANGING

With the f and d set after the permissions you're granting, either with
full/read_set or with rwxpdDaARWcCos. Although, I don't get why cp is fine,
but mv breaks things. It /should/ be the other way around. mv should always
preserve permissions, where as cp should inherit. So I don't get that.

Second is that your ZFS ACLs are set to be discarded as per the ACLMode, so
you're just using the normal UNIX/POSIX ones. If you're going to use ZFS
ACLs, you need to have ACLmode set to passthrough.

/usr/gnu/ls and /usr/gnu/chmod both only work on the UNIX permissions, and
leave the ZFS ones untouched. If you set your ACLMode to passthrough,
that's supposed to link the ZFS ACL with whatever the UNIX ACL is set to.

How do the permissions show in Windows?

I had a lot of permissions problems with Windows shares initially, lots of
them because of things like this. Initially i disabled the ZFS ACLs, and
just used the normal ones, but that caused issues when setting/modifying
permissions from Windows. What I ended up doing was creating a new pool
from scratch, setting things up with passthrough and inherit turned on, and
then made sure to use /usr/bin/chmod to make any server-side permissions
changes. Since rebuilding, I haven't had any similar issues.


On Sun, Jun 3, 2012 at 7:18 PM, Jan Owoc <jsowoc at gmail.com> wrote:

> On Sun, Jun 3, 2012 at 4:32 PM, Robbie Crash <sardonic.smiles at gmail.com>
> wrote:
> > What's the aclmode on the pool?
> >
> > Zfs get aclmode tankz2
>
> root at openindiana:~# zfs get aclmode tankz2 tankz2/scratch
> NAME            PROPERTY  VALUE        SOURCE
> tankz2          aclmode   discard      default
> tankz2/scratch  aclmode   discard      default
>
> "tankz2" is the name of the zpool (and the corresponding zfs). I have
> several shares in this pool, one of which is "scratch". They all
> exhibit this odd behaviour (copying is ok, moving resets permissions).
>
> Jan
>
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
>



-- 
Seconds to the drop, but it seems like hours.

http://www.eff.org/
<http://www.eff.org/>http://creativecommons.org/

More information about the OpenIndiana-discuss mailing list