[OpenIndiana-discuss] OI_151a4, ZFS, CIFS - Managaging ACLs from Windows

Robbie Crash sardonic.smiles at gmail.com
Tue May 22 16:22:44 UTC 2012


I was refeerring to the permission denied errors that shouldn't be
happening. The Unable to delete aspect was just what prompted me to write
the post.

While I was using the ZFS ACLs I wasn't ever able to make changes via
Windows, and had mixed problems accessing things that had been modified
either by Windows, or directly on the OI server, unless I reset the
permissions with /usr/bin/chmod after the fact. Talk on here and in the OI
room on Freenode led me, and most of the other people I'm aware of, to shut
off ZFS ACLs on all Windows shares. After that, managing the permissions
via Windows was fine.

On Tue, May 22, 2012 at 12:16 PM, <ths.mailaddr at yahoo.com> wrote:

> Hello - Robbie (?)
>
>
> thanks for your reply. I think its not the same problem you describe with
> reference to the post
> "Share Guest Access - Unable to Delete".
>
> I have the inheritance bits set and can create and delete directories and
> files. The created
> object even have the correct owner, which is the account used to connect
> to the share.
> If i set the ACLs from the terminal via chmod, i get exactly that
> presented on the windows
> client. What drives me crazy is the fact, that a lot of howtos on the net
> seem to suppose,
>
> that you can manage these ACL remote from Windows.
>
> RegardsThomas
>
>
> ________________________________
>  From: Robbie Crash <sardonic.smiles at gmail.com>
> To: Discussion list for OpenIndiana <openindiana-discuss at openindiana.org>
> Sent: Tuesday, May 22, 2012 5:46 PM
> Subject: Re: [OpenIndiana-discuss] OI_151a4, ZFS, CIFS - Managaging ACLs
> from Windows
>
> Disable ZFS ACLs and just use the POSIX ones.
>
> Set ACLmode and ACLInherit to discard on any pools you're using SMB on.
>
> If you want to keep using the ZFS ACL, check this post:
> https://robbiecrash.me/?p=89  I wrote about how to deal with the same
> permissions issues you're talking about.
>
> On Tue, May 22, 2012 at 9:13 AM, <ths.mailaddr at yahoo.com> wrote:
>
> > Hello,
> >
> > i try to get OI running as a replacement for an ageing netware server.
> > Therefor i am
> >
> > interested in ZFS and CIFS. The setup was straight forward and didt cause
> > any problems.
> >
> > But now im stuck. I am not able to manage the ACLs from WinXP Pro SP3 nor
> > Win7 Pro.
> >
> > I have added 'other password required pam_smb_passwd.so.1 nowarn' to
> > /etc/pam.conf
> > and reset the root password.
> >
> >
> > First, I am running the CIFS service in workgroup mode and i have created
> > 2 additional
> > users called 'admin' and 'user1'. 'admin' is supposed to be the windows
> > administrator,
> > 'user1' an ordinary user.  The share is setup like this:
> >
> > # zfs create -o casesensitivity=mixed -o nbmand=on datapool/test
> > # zfs set "sharesmb=name=test" datapool/test
> >
> > # chown -R admin /datapool/test
> >
> >
> > # zfs set aclinherit=passthrough datapool/test
> > # zfs set aclmode=passthrough datapool/test
> >
> >
> > /usr/bin/chmod A=\
> > owner@:rwxpdDaARWcCos:fd-----:allow,\
> > group@:rwxpdDaARWcCos:fd-----:allow,\
> > everyone@:rwxpdDaARWcCos:fd-----:allow \
> > /datapool/test
> >
> >
> > The ACLs on the share are:
> >
> >  ls -V /datapool/test/.zfs/shares/test
> > -rwxrwxrwx+  1 root     root           0 Mai 16 11:41
> > /datapool/test/.zfs/shares/test
> >               everyone@:rwxpdDaARWcCos:-------:allow
> >
> >
> > I can connect to the share either using root, admin or user1, but i
> cannot
> > manage the ACLs from
> >
> > Explorer->Properties->Security tab, regardless if i connect as root or
> > admin. The tab shows
> >
> > full rights for 'Current Ower', 'Current Group' and 'Everyone'
> >
> > If i connect the Windows Computer Management Console to the OI host, i
> see
> > 3 SMB groups
> > 'administrators', 'backup operators' and 'power users' and 3 users
> > 'admin', 'root' and 'user1'.
> > Windows let me access the details for the groups, showing an empty
> > membership list, but
> > didnt let me add any users. Error is always "Object not found". The same
> > happens if i try to
> > add an explicit ACL for one of these users from
> > Explorer->Properties->Security tab.
> >
> > Btw - if i add the users via smbadm add-member, they show up on windows.
> >
> > Could someone point me in the right direction please?
> >
> > Thanks in advance
> > Thomas
> > _______________________________________________
> > OpenIndiana-discuss mailing list
> > OpenIndiana-discuss at openindiana.org
> > http://openindiana.org/mailman/listinfo/openindiana-discuss
> >
>
>
>
> --
> Seconds to the drop, but it seems like hours.
>
> http://www.eff.org/
> <http://www.eff.org/>http://creativecommons.org/
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
>



-- 
Seconds to the drop, but it seems like hours.

http://www.eff.org/
<http://www.eff.org/>http://creativecommons.org/


More information about the OpenIndiana-discuss mailing list