Re: [discuss] What ACL for Time Machine shares?

Sat, 02 Dec 2023 12:24:41 -0800

Small correction for inheritance on create files and folders acl (tm wants to create subfilders)
If you want to separate backups from several users you can use the following three NFS v4 acl rules. If you have a Windows machine, you can set ACL from there (easier than console, or use my napp-it) as Windows ntfs ACL are quite identical to NFS v4 ACL beside deny rules. 

*on shared folder*


- allow read to this folder only for everyone with inheritance disabled 
(to give access to share)
- allow creation of files and folders for everyone to this folder only 
with inheritance enabled (to allow backups)


When a user creates a folder via tm backup he is owner.
You can use this to add rights for his own backup


- allow owner full or modify permissions with inheritance to files and 
folders


Set nbmand and oplock to on, aclinherit to passthrough (ZFS properties)

Gea


Hi,


I could manage to publish an SMB share to be used with Time Machine 
but I still can't figure out which are the right permissions to set 
up. I read https://docs.oracle.com/cd/E36784_01/html/E36835/ftyxi.html 
<https://docs.oracle.com/cd/E36784_01/html/E36835/ftyxi.html#scrolltoc>, 
created an smbuser group and two smbuser1, smbuser2 users, both 
belonging to the smbuser group. The dataset is call rpool/timemachine.



I ended up setting `chmod 1777 /timemachine` which allowed both users 
to be used to create a backup. But that feels a bit too many 
permissions for me. And as chmod breaks ACL inheritance, I understand 
that I should not use this.



What would be the proper ACL set to apply to get something like : any 
users from the smbuser group can create/delete/rename their own files 
and subdirectories, but can't read/modify others ?


Thanks.



*illumos <https://illumos.topicbox.com/latest>* / illumos-discuss / see 
discussions <https://illumos.topicbox.com/groups/discuss> + participants 
<https://illumos.topicbox.com/groups/discuss/members> + delivery options 
<https://illumos.topicbox.com/groups/discuss/subscription> Permalink 
<https://illumos.topicbox.com/groups/discuss/Te31e27e278d377ff-Mfb37cd47e9289d072a33365d> 


------------------------------------------
illumos: illumos-discuss
Permalink: 
https://illumos.topicbox.com/groups/discuss/Te31e27e278d377ff-Mf2746846e83b567d0c6ea91e
Delivery options: https://illumos.topicbox.com/groups/discuss/subscription






















					Reply via email to