[OpenIndiana-discuss] CIFS sharing in a Windows Domain

Gordon Ross gordon.w.ross at gmail.com
Fri Sep 14 00:45:38 UTC 2012

On Wed, Sep 12, 2012 at 5:29 AM, Gabriele Bulfon <gbulfon at sonicle.com> wrote:
> Hi,
> when sharing a zfs filesystem inside a domain, I usually chmod 777 the base filesystem,
> then the Windows Administsrator can start creating folders and giving permissions.
> Maybe there is somtehing wrong with the way I do it, but the strange thing is that the base share
> results available to Everyone, they can create folder, files, and these get only the permissions of this
> user and just System. So, not even the Administrator can delete this files.
> If I remember well, there is no way to change the permission of the base share (the zfs filesystem)
> by the Administrator, but only subfolders inside it.
> When sharing a zfs filesystem via CIFS, I'd like this base share to have just permission for the
> Administrator, so that he can only create folders / files there, and then give permissions to others.
> What's wrong?
> Gabriele.

Probably what's wrong is that "chmod 777" does not enable inheritance.
Instead, I'd recommend:

 chmod A=everyone@:rwxpdDaARWcCos:fd:allow /pool/fs-name

which enables the file+directory inheritane bits.
After you do that, connect with Windows and set the
security the way you really want it to be.

Also remember to set zfs aclmode and aclinherit to passthrough
if you want ACL changes from unix to make sense to cifs clients.

Gordon Ross <gwr at nexenta.com>
Nexenta Systems, Inc.  www.nexenta.com
Enterprise class storage for everyone

More information about the OpenIndiana-discuss mailing list