[OpenIndiana-discuss] problems with permissions on smb share

Mon Jun 4 13:37:16 UTC 2012

On Sun, Jun 3, 2012 at 11:06 PM, Robbie Crash <sardonic.smiles at gmail.com> wrote:
> I see two problems,
>
> The first is that you've got your ACL's set to not propagate to
> files/directories:
>
> This:
>  user:oi:rwxpdDaARWcCos:-------:allow
> Means that the owner has full access to that file, but not to child
> directories, or to child files according to the ZFS ACL. In order to get
> things to actually pass on to child objects, the directory needs to have
> the f bit set for files, and the d bit set for directories:
> $ /usr/bin/chmod -R A=owner@:full_set:fd:allow,<GROUP/EVERYONE>
> /PATH/YOU/ARE/CHANGING
>
> With the f and d set after the permissions you're granting, either with
> full/read_set or with rwxpdDaARWcCos. Although, I don't get why cp is fine,
> but mv breaks things. It /should/ be the other way around. mv should always
> preserve permissions, where as cp should inherit. So I don't get that.

Yes, there was even additional oddity that I found after sending my
original mail, as Windows XP SP3 would discard the permissions, while
Windows 7 SP1 would properly propagate them.

> Second is that your ZFS ACLs are set to be discarded as per the ACLMode, so
> you're just using the normal UNIX/POSIX ones. If you're going to use ZFS
> ACLs, you need to have ACLmode set to passthrough.

As I have a few shares (each on its own fs), I could play around with
various combinations. It appears that there were two possible
solutions:

1) only changing the "owner@:fullset:fd:allow" permission (without
changing the zfs properties aclinherit or aclpassthrough) was enough
to fix the problem (or at least I can't reproduce this specific
problem when I do this). The trick was the "fd", which I'd missed.

> How do the permissions show in Windows?

2) simply turning off "Use simple file sharing (Recommended)", which I
needed to do to look at the permissions, fixed the problem. It appears
I don't even need the "fd" permissions set.

My problem is solved. Thank you!

> I had a lot of permissions problems with Windows shares initially, lots of
> them because of things like this. Initially i disabled the ZFS ACLs, and
> just used the normal ones, but that caused issues when setting/modifying
> permissions from Windows. What I ended up doing was creating a new pool
> from scratch, setting things up with passthrough and inherit turned on, and
> then made sure to use /usr/bin/chmod to make any server-side permissions
> changes. Since rebuilding, I haven't had any similar issues.

What is the benefit of setting up a new pool if you can do a "chmod
-R"? Or did you have specific needs that could only be addressed this
way?

Jan