[OpenIndiana-discuss] OI_151a4, ZFS, CIFS - Managaging ACLs from Windows

Robbie Crash sardonic.smiles at gmail.com
Tue May 22 15:46:32 UTC 2012 

Disable ZFS ACLs and just use the POSIX ones.

Set ACLmode and ACLInherit to discard on any pools you're using SMB on.

If you want to keep using the ZFS ACL, check this post:
https://robbiecrash.me/?p=89  I wrote about how to deal with the same
permissions issues you're talking about.

On Tue, May 22, 2012 at 9:13 AM, <ths.mailaddr at yahoo.com> wrote:

> Hello,
>
> i try to get OI running as a replacement for an ageing netware server.
> Therefor i am
>
> interested in ZFS and CIFS. The setup was straight forward and didt cause
> any problems.
>
> But now im stuck. I am not able to manage the ACLs from WinXP Pro SP3 nor
> Win7 Pro.
>
> I have added 'other password required pam_smb_passwd.so.1 nowarn' to
> /etc/pam.conf
> and reset the root password.
>
>
> First, I am running the CIFS service in workgroup mode and i have created
> 2 additional
> users called 'admin' and 'user1'. 'admin' is supposed to be the windows
> administrator,
> 'user1' an ordinary user.  The share is setup like this:
>
> # zfs create -o casesensitivity=mixed -o nbmand=on datapool/test
> # zfs set "sharesmb=name=test" datapool/test
>
> # chown -R admin /datapool/test
>
>
> # zfs set aclinherit=passthrough datapool/test
> # zfs set aclmode=passthrough datapool/test
>
>
> /usr/bin/chmod A=\
> owner@:rwxpdDaARWcCos:fd-----:allow,\
> group@:rwxpdDaARWcCos:fd-----:allow,\
> everyone@:rwxpdDaARWcCos:fd-----:allow \
> /datapool/test
>
>
> The ACLs on the share are:
>
>  ls -V /datapool/test/.zfs/shares/test
> -rwxrwxrwx+  1 root     root           0 Mai 16 11:41
> /datapool/test/.zfs/shares/test
>               everyone@:rwxpdDaARWcCos:-------:allow
>
>
> I can connect to the share either using root, admin or user1, but i cannot
> manage the ACLs from
>
> Explorer->Properties->Security tab, regardless if i connect as root or
> admin. The tab shows
>
> full rights for 'Current Ower', 'Current Group' and 'Everyone'
>
> If i connect the Windows Computer Management Console to the OI host, i see
> 3 SMB groups
> 'administrators', 'backup operators' and 'power users' and 3 users
> 'admin', 'root' and 'user1'.
> Windows let me access the details for the groups, showing an empty
> membership list, but
> didnt let me add any users. Error is always "Object not found". The same
> happens if i try to
> add an explicit ACL for one of these users from
> Explorer->Properties->Security tab.
>
> Btw - if i add the users via smbadm add-member, they show up on windows.
>
> Could someone point me in the right direction please?
>
> Thanks in advance
> Thomas
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
>



-- 
Seconds to the drop, but it seems like hours.

http://www.eff.org/
<http://www.eff.org/>http://creativecommons.org/

More information about the OpenIndiana-discuss mailing list