Re: [cifs-discuss] idmapping

Wed, 11 Nov 2009 11:42:10 -0800 

Chris Gerhard wrote:
How can I map what appears to be the default the "SYSTEM" group on windows XP to a group on Solaris? I always end up with an ephemeral group for that? 


I've mapped my user "cjg" <-> "cg13442" and put it in the default group 
smbstaff which I have also mapped. However every object I create on XP 
on the CIFS server ends up with an additional ACL for an ephemeral group 
which when viewed on XP is the "SYSTEM" group:


SYSTEM is probably being inherited from the parent ACL.
If that's the case, just remove it from the parent directory ACL.


v-ss7410b-gmp03# idmap list
add     "winuser:cjg.uk.sun.com\\cjg"    unixuser:cg13442
add     "wingroup:cjg.uk.sun.com\\smbstaff"    unixgroup:staff
add -d    "wingroup:*\\SYSTEM"    unixgroup:sys
v-ss7410b-gmp03# ls -dv My*
d---------+  4 cg13442  staff          5 Nov 11 12:42 My Documents
     0:user:cg13442:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/read_xattr/write_xattr/execute
         /delete_child/read_attributes/write_attributes/delete/read_acl
         /write_acl/write_owner/synchronize:allow
     1:group:2147483648:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/read_xattr/write_xattr/execute
         /delete_child/read_attributes/write_attributes/delete/read_acl
         /write_acl/write_owner/synchronize:allow
v-ss7410b-gmp03#

This in turn prevents me from listing the file over NFS:


This (the SYSTEM ACE) almost certainly isn't related to whether
or not you can list files over NFS.

If you can't list files, you probably don't have sufficient access
in whatever ACEs are being associated with your credentials.

Also, note that ls will only display permissions associated with
owner@, group@ and everyone@, which is what leads to the
d--------- thing.

Alan


: v4v-machine-a11-gmp03.eu TS 51 $; ls -l
ls: can't read ACL on ./My Documents: Not owner
ls: can't read ACL on ./xp.txt: Not owner
total 12
d---------  0 root     root           5 Jan  1  1970
----------  0 root     root           0 Jan  1  1970
-rw-r-----   1 cg13442  staff          5 Nov 10 16:25 nfs
----------+  1 cg13442  staff          6 Nov 10 17:49 smb.txt
-rw-r-----   1 cg13442  root          13 Nov 10 16:50 zfs.txt
: v4v-machine-a11-gmp03.eu TS 52 $; ls
My Documents  nfs           smb.txt       xp.txt        zfs.txt
: v4v-machine-a11-gmp03.eu TS 53 $;


Thanks



_______________________________________________
cifs-discuss mailing list
cifs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss






















					Reply via email to