Re: [cifs-discuss] ACL issue?

Wed, 20 Jan 2010 23:12:31 -0800 

On 01/19/10 11:11, Michelle Knight wrote:
>> The permissions are reading ----------+ and I don't understand why.
>> I'd prefer them to at least be read/write to the owner. (the owner and
>> group are correct)  I think it is the new ALC, but I'm not certain.
>> Much of the things I've been reading about the new ACL is above my head.

This "----------+" is basically due to ZFS trying to conform to the
NFSv4 spec.  The NFSv4 spec requires that only owner@, group@ and
everyone@ entries in an ACL should be represented in the file mode.

ZFS applies this as a general rule, so you see this on local files
as well.  "----------+" typically happens when you create a file from
Windows and you don't have any owner@, group@ or everyone@ inheritable
ACEs on the parent directory.

We are working on changes so that this will not be an issue.  For
example, the following change is in snv_132.

        6899409 Preserve owner@/group@ across SMB

With this change, the owner@ and group@ ACEs will no longer be converted
to User and Group ACEs by the CIFS Service when you are working with
ACLs on Windows.  You can also add owner@ and group@ to an ACL from the
Windows desktop by adding Current Owner and Current Group.

Note Everyone<->everyone@ conversions are already handled correctly.

>> # chmod A=everyone@:full_set:fd:allow <directory>
>
> I can't give everyone full control. Any understandable manuals
> on the ACL please?

To learn more about ACLs, google: Windows Access Control List ACL

The advise to set Everyone:Full Control is just a general starting
point.  You can set whatever ACL you want.  A good starting point
might be to set this on your root directory:

        chmod A=owner@:full_set:fd:allow <path>
        chmod A+group@:read_set/execute:fd:allow <path>
        chmod A+everyone@:read_set/execute:fd:allow <path>

This should give you "rwxr-xr-x".

NOTE 1: DO NOT mess with ACLs from Windows if you really need owner@
and group@ until you have snv_132 or you will have to manually update
them again using chmod.

NOTE 2: If you plan to use Windows and you're not really familiar with
ACLs, don't use 'chmod 750 <path>'  Use chmod as shown above to manage
ACLs.

Alan

_______________________________________________
cifs-discuss mailing list
cifs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss

Reply via email to