[OpenIndiana-discuss] OI_151a4, ZFS, CIFS - Managaging ACLs from Windows

ths.mailaddr at yahoo.com ths.mailaddr at yahoo.com
Tue May 22 16:16:57 UTC 2012


Hello - Robbie (?)


thanks for your reply. I think its not the same problem you describe with reference to the post
"Share Guest Access - Unable to Delete".

I have the inheritance bits set and can create and delete directories and files. The created
object even have the correct owner, which is the account used to connect to the share.
If i set the ACLs from the terminal via chmod, i get exactly that presented on the windows
client. What drives me crazy is the fact, that a lot of howtos on the net seem to suppose, 

that you can manage these ACL remote from Windows.

RegardsThomas


________________________________
 From: Robbie Crash <sardonic.smiles at gmail.com>
To: Discussion list for OpenIndiana <openindiana-discuss at openindiana.org> 
Sent: Tuesday, May 22, 2012 5:46 PM
Subject: Re: [OpenIndiana-discuss] OI_151a4, ZFS, CIFS - Managaging ACLs from Windows
 
Disable ZFS ACLs and just use the POSIX ones.

Set ACLmode and ACLInherit to discard on any pools you're using SMB on.

If you want to keep using the ZFS ACL, check this post:
https://robbiecrash.me/?p=89  I wrote about how to deal with the same
permissions issues you're talking about.

On Tue, May 22, 2012 at 9:13 AM, <ths.mailaddr at yahoo.com> wrote:

> Hello,
>
> i try to get OI running as a replacement for an ageing netware server.
> Therefor i am
>
> interested in ZFS and CIFS. The setup was straight forward and didt cause
> any problems.
>
> But now im stuck. I am not able to manage the ACLs from WinXP Pro SP3 nor
> Win7 Pro.
>
> I have added 'other password required pam_smb_passwd.so.1 nowarn' to
> /etc/pam.conf
> and reset the root password.
>
>
> First, I am running the CIFS service in workgroup mode and i have created
> 2 additional
> users called 'admin' and 'user1'. 'admin' is supposed to be the windows
> administrator,
> 'user1' an ordinary user.  The share is setup like this:
>
> # zfs create -o casesensitivity=mixed -o nbmand=on datapool/test
> # zfs set "sharesmb=name=test" datapool/test
>
> # chown -R admin /datapool/test
>
>
> # zfs set aclinherit=passthrough datapool/test
> # zfs set aclmode=passthrough datapool/test
>
>
> /usr/bin/chmod A=\
> owner@:rwxpdDaARWcCos:fd-----:allow,\
> group@:rwxpdDaARWcCos:fd-----:allow,\
> everyone@:rwxpdDaARWcCos:fd-----:allow \
> /datapool/test
>
>
> The ACLs on the share are:
>
>  ls -V /datapool/test/.zfs/shares/test
> -rwxrwxrwx+  1 root     root           0 Mai 16 11:41
> /datapool/test/.zfs/shares/test
>               everyone@:rwxpdDaARWcCos:-------:allow
>
>
> I can connect to the share either using root, admin or user1, but i cannot
> manage the ACLs from
>
> Explorer->Properties->Security tab, regardless if i connect as root or
> admin. The tab shows
>
> full rights for 'Current Ower', 'Current Group' and 'Everyone'
>
> If i connect the Windows Computer Management Console to the OI host, i see
> 3 SMB groups
> 'administrators', 'backup operators' and 'power users' and 3 users
> 'admin', 'root' and 'user1'.
> Windows let me access the details for the groups, showing an empty
> membership list, but
> didnt let me add any users. Error is always "Object not found". The same
> happens if i try to
> add an explicit ACL for one of these users from
> Explorer->Properties->Security tab.
>
> Btw - if i add the users via smbadm add-member, they show up on windows.
>
> Could someone point me in the right direction please?
>
> Thanks in advance
> Thomas
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
>



-- 
Seconds to the drop, but it seems like hours.

http://www.eff.org/
<http://www.eff.org/>http://creativecommons.org/
_______________________________________________
OpenIndiana-discuss mailing list
OpenIndiana-discuss at openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


More information about the OpenIndiana-discuss mailing list