Comments on: Solaris CIFS Server and ZFS ACLs: The Problem http://mattwilson.org/blog/solaris/solaris-cifs-server-and-zfs-acls-the-problem/ The web site of Matthew R. Wilson Wed, 28 Dec 2011 14:32:29 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: wujek http://mattwilson.org/blog/solaris/solaris-cifs-server-and-zfs-acls-the-problem/comment-page-1/#comment-31468 wujek Wed, 28 Dec 2011 14:32:29 +0000 http://www.mattwilson.org/blog/solaris/solaris-cifs-server-and-zfs-acls-the-problem/#comment-31468 Thank you. Thank you.

]]> By: Hayes Whitt http://mattwilson.org/blog/solaris/solaris-cifs-server-and-zfs-acls-the-problem/comment-page-1/#comment-25339 Hayes Whitt Fri, 15 Apr 2011 23:07:57 +0000 http://www.mattwilson.org/blog/solaris/solaris-cifs-server-and-zfs-acls-the-problem/#comment-25339 I got the answer you are looking for on my Solaris 11 guide. Check out under "Permissions and ACL". I got the answer you are looking for on my Solaris 11 guide. Check out under “Permissions and ACL”.

]]> By: Benjamin http://mattwilson.org/blog/solaris/solaris-cifs-server-and-zfs-acls-the-problem/comment-page-1/#comment-14543 Benjamin Tue, 08 Jun 2010 12:08:49 +0000 http://www.mattwilson.org/blog/solaris/solaris-cifs-server-and-zfs-acls-the-problem/#comment-14543 <a href="#comment-14523" rel="nofollow">@mwilson</a> That did it! Thanks a bunch! @mwilson
That did it! Thanks a bunch!

]]> By: mwilson http://mattwilson.org/blog/solaris/solaris-cifs-server-and-zfs-acls-the-problem/comment-page-1/#comment-14523 mwilson Mon, 07 Jun 2010 16:44:41 +0000 http://www.mattwilson.org/blog/solaris/solaris-cifs-server-and-zfs-acls-the-problem/#comment-14523 @Benjamin - the command you list works fine for me on Solaris 10u8. On OpenSolaris I think there's a possibility that the GNU chmod command is higher on your path than the Solaris chmod command. What does 'which chmod' tell you? Try your command again, but specify a full path for chmod -- /usr/bin/chmod should work. @Benjamin – the command you list works fine for me on Solaris 10u8. On OpenSolaris I think there’s a possibility that the GNU chmod command is higher on your path than the Solaris chmod command. What does ‘which chmod’ tell you? Try your command again, but specify a full path for chmod — /usr/bin/chmod should work.

]]> By: Benjamin http://mattwilson.org/blog/solaris/solaris-cifs-server-and-zfs-acls-the-problem/comment-page-1/#comment-14517 Benjamin Mon, 07 Jun 2010 14:24:42 +0000 http://www.mattwilson.org/blog/solaris/solaris-cifs-server-and-zfs-acls-the-problem/#comment-14517 I can't get Bryan's chmod command to work. I'm on OpenSolaris JeOS svn_134 and issuing: chmod -R A=owner@:rwxpdDaARWcCos:df:allow,everyone@:xrcarR:df:allow /export/home/cfissahre/osol results in the following error: chmod: invalid mode: 'A=owner@:rwxpdDaARWcCos:df:allow,everyone@:xrcarR:df:allow' What am I missing? Thanks I can’t get Bryan’s chmod command to work. I’m on OpenSolaris JeOS svn_134 and issuing:

chmod -R A=owner@:rwxpdDaARWcCos:df:allow,everyone@:xrcarR:df:allow /export/home/cfissahre/osol

results in the following error:

chmod: invalid mode: ‘A=owner@:rwxpdDaARWcCos:df:allow,everyone@:xrcarR:df:allow’

What am I missing?
Thanks

]]> By: Noname http://mattwilson.org/blog/solaris/solaris-cifs-server-and-zfs-acls-the-problem/comment-page-1/#comment-14320 Noname Mon, 31 May 2010 15:56:03 +0000 http://www.mattwilson.org/blog/solaris/solaris-cifs-server-and-zfs-acls-the-problem/#comment-14320 Indeed. Thanks, Bryan. Indeed. Thanks, Bryan.

]]> By: Bryan http://mattwilson.org/blog/solaris/solaris-cifs-server-and-zfs-acls-the-problem/comment-page-1/#comment-6255 Bryan Fri, 17 Jul 2009 20:28:42 +0000 http://www.mattwilson.org/blog/solaris/solaris-cifs-server-and-zfs-acls-the-problem/#comment-6255 Sorry for the additional comment - but the comment box stripped off the last bit of the chmod command. You obviously need to add the directory name to the end of the command - the directory you want to apply the ACL to. Hope this helps anybody out there that is looking for this information. Sorry for the additional comment – but the comment box stripped off the last bit of the chmod command. You obviously need to add the directory name to the end of the command – the directory you want to apply the ACL to.

Hope this helps anybody out there that is looking for this information.

]]> By: Bryan http://mattwilson.org/blog/solaris/solaris-cifs-server-and-zfs-acls-the-problem/comment-page-1/#comment-6254 Bryan Fri, 17 Jul 2009 20:26:01 +0000 http://www.mattwilson.org/blog/solaris/solaris-cifs-server-and-zfs-acls-the-problem/#comment-6254 OpenSolaris and CIFS share ACLs are bit hard to deal with initially. The problem starts with the fact that ZFS shares do not come with inheritable ACL permissions out of the box - and both Windows and OS X (I'm dealing with Leopard) clients only pay attention to the ACLs and ignore umask and other UNIX based permissions. To fix this issue, you simply need to create a standard set of ACLs with inheritance marked on the directory you are sharing, something like this (careful this will replace all existing ACLs): chmod -R A=owner@:rwxpdDaARWcCos:df:allow,everyone@:xrcarR:df:allow This gives a new file with permissions like this: user:full control everyone: read_only (it includes reading of child objects and attrs, etc). The moral of the story is to define a default set of ACLs when you create a new ZFS/CIFS share. (Most of this was derived from the post by Afshin: http://opensolaris.org/jive/thread.jspa?messageID=278848 -- Mentioned by Kopsis in another comment). OpenSolaris and CIFS share ACLs are bit hard to deal with initially. The problem starts with the fact that ZFS shares do not come with inheritable ACL permissions out of the box – and both Windows and OS X (I’m dealing with Leopard) clients only pay attention to the ACLs and ignore umask and other UNIX based permissions.

To fix this issue, you simply need to create a standard set of ACLs with inheritance marked on the directory you are sharing, something like this (careful this will replace all existing ACLs):

chmod -R A=owner@:rwxpdDaARWcCos:df:allow,everyone@:xrcarR:df:allow

This gives a new file with permissions like this:
user:full control
everyone: read_only (it includes reading of child objects and attrs, etc).

The moral of the story is to define a default set of ACLs when you create a new ZFS/CIFS share.
(Most of this was derived from the post by Afshin: http://opensolaris.org/jive/thread.jspa?messageID=278848 — Mentioned by Kopsis in another comment).

]]> By: Kopsis http://mattwilson.org/blog/solaris/solaris-cifs-server-and-zfs-acls-the-problem/comment-page-1/#comment-2796 Kopsis Sat, 08 Nov 2008 05:05:44 +0000 http://www.mattwilson.org/blog/solaris/solaris-cifs-server-and-zfs-acls-the-problem/#comment-2796 Take a look at Afshin's post here: http://opensolaris.org/jive/thread.jspa?messageID=278848 From that it wasn't hard to figure out how to set up something very similar to what you're trying to achieve. Take a look at Afshin’s post here:

http://opensolaris.org/jive/thread.jspa?messageID=278848

From that it wasn’t hard to figure out how to set up something very similar to what you’re trying to achieve.

]]>