Re: [cifs-discuss] creating read-only shares

Sun, 21 Feb 2010 16:19:00 -0800 

On 02/20/10 09:32, Geoff Nordli wrote:

On 02/19/10 12:30, Drew Balfour wrote:

I am trying to configure a system where there are two shares which
point to
the same directory. One of the shares is read-only and the other is
read-write. I want the read-only to prevent file deletes, even if the
user
does have the required file level permissions to delete it.

That should work, provided you've got all the permissions set up
correctly. First off, could you run the cifs-gendiag script and post

the

output? Also, ls -V of a sample file that you're able to delete from

the

-ro share.


sharemgr show the state-ro share as being ro from

everywhere/everyone,

but I
can still delete a file from that share. Maybe I don't understand how
it is
supposed to work.

Have you tried only sharing the filesystem as read only, to confirm

that

part is working? How are you connecting to the share, as Guest or as a
domain or local user?

The ro/rw/none=<access-list> option is intented to control access
based on the client connecting to the system.  For example,
ro=client means that connections from "client" will not be allowed
to modify files on the share but the same users will be able to
modify files from a different host, although you can use wildcards.

However ... I just looked at the code and I think there may be a
problem.  We'll investigate.

An alternative is to use share ACLs.  You can set the share ACL to
Read using a Windows client: MyComputer -> Manage <connect your
system> -> Shares -> Properties -> Share Permissions.

Or you can use chmod:

        cd /path-to-dataset/.zfs/shares
        chmod A=everyone@:read_set/execute:fd:allow read-only-share
        chmod A=everyone@:full_set:fd:allow read-write-share

Alan



Thanks Alan and Drew.

If you are using a Windows client to modify the share level permissions, it
would have to set them somewhere on the server. Where would that be stored? 

ZFS shares have an entry in /path-to-dataset/.zfs/shares with the name
of the share.  The ACL on each of those files is the share ACL, and
you can use chmod to manage those ACLs in the same you you can use it
to  manage regular file/directory ACLs.

Alan
_______________________________________________
cifs-discuss mailing list
cifs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss

Reply via email to