ACLs and CIFS under OpenSolaris

One of the issues with running a file server in the home is the fact that you have multiple computers and accounts (the wife, the kids, etc.) accessing the same directory trees. The default user/group works pretty well, as you effectively have a single group for family access. Different groups are used for more computer-based access needs such as server-to-server communication. However, I found that the kernel CIFS doesn’t create files with proper access very well using the standard UNIX permissions.

ACLs are the solution in this case.

# zfs create -o casesensitivity=mixed -o sharesmb=name=storage -o quota=275G usbpool/storage
# cd /usbpool/storage
# chgrp home .
# chmod A=group@:rwxpdDaARWcCos:fd:allow .

Now when you create a new folder or files under this CIFS folder, they are created with the group permissions. I leave everyone in the same group and can add the secondary group as necessary for different shares needing permissions.

When users create files they are created with:

----rwx---+ 1 me home 7930 Feb 7 2008 test.txt

And when they create directories they are:

d---rwx---+ 2 me home 3 Feb 9 22:10 OpenSolaris

Doable and functional. I still wish there was better documentation that I could find around the ACL permissions and how they work. I’m doing testing and I know I’m missing things.
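The compact ACL entry passed to chmod above packs the permission letters and inheritance flags into one string. The Python below is an added example, not part of the original post: it decodes such an entry and points out the permissions that let the holder change access control. The letter tables follow the compact ACL format documented in Solaris chmod(1); the function names are hypothetical.

```python
# Added example (not from the original post): decode one compact NFSv4 ACE.
# Letter tables follow the compact ACL format in Solaris chmod(1).
PERMS = {
    "r": "read_data", "w": "write_data", "x": "execute", "p": "append_data",
    "d": "delete", "D": "delete_child", "a": "read_attributes",
    "A": "write_attributes", "R": "read_xattr", "W": "write_xattr",
    "c": "read_acl", "C": "write_acl", "o": "write_owner", "s": "synchronize",
}
FLAGS = {
    "f": "file_inherit", "d": "dir_inherit", "i": "inherit_only",
    "n": "no_propagate", "S": "successful_access", "F": "failed_access",
    "I": "inherited",
}
SENSITIVE = {"write_acl", "write_owner"}  # change who has access, not just data


def parse_ace(ace):
    """Decode 'who:perms[:flags]:type' into who, perms, flags and type."""
    parts = ace.split(":")
    named = 2 if parts[0] in ("user", "group") else 1  # user:NAME / group:NAME
    who, rest = ":".join(parts[:named]), parts[named:]
    if len(rest) == 2:
        rest = [rest[0], "", rest[1]]  # flags field omitted
    if len(rest) != 3 or rest[2] not in ("allow", "deny"):
        raise ValueError("malformed ACE: %r" % ace)

    def decode(letters, table):
        unknown = [c for c in letters if c != "-" and c not in table]
        if unknown:
            raise ValueError("unknown letter(s) %s in %r" % (unknown, ace))
        return [table[c] for c in letters if c != "-"]

    return {"who": who, "perms": decode(rest[0], PERMS),
            "flags": decode(rest[1], FLAGS), "type": rest[2]}


def review(ace):
    """Return the points a reviewer would raise about one allow entry."""
    entry, notes = parse_ace(ace), []
    if entry["type"] == "allow":
        risky = sorted(SENSITIVE.intersection(entry["perms"]))
        if risky:
            notes.append("%s can change access control: %s"
                         % (entry["who"], ", ".join(risky)))
        if {"file_inherit", "dir_inherit"} & set(entry["flags"]):
            notes.append("entry is copied to new files/directories")
    return notes


if __name__ == "__main__":
    ACE = "group@:rwxpdDaARWcCos:fd:allow"  # the entry from the post
    print(parse_ace(ACE))
    for note in review(ACE):
        print("-", note)
```

For the entry used above, the review reports that group@ holds write_acl and write_owner, so any member of the group can rewrite the ACL or take ownership of files in the share.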

3 thoughts on “ACLs and CIFS under OpenSolaris”

  1. I had the same problems. In addition to setting the ACL, I also had to enable ACL inheritance through:

    zfs set aclinherit=passthrough usbpool/storage

    Also, I had bad experiences with casesensitivity=mixed: if there’s a file “File1.txt”, and a UNIX user creates a file “file1.txt”, both filenames are “renamed” for CIFS access. casesensitivity=insensitive works much better for me.

  2. The functionality you list above is exactly what I’ve been looking for.

    Unfortunately the chmod command gave the following error:
    zaphod@thebook:/tank/test$ chmod A=group@:rwxpdDaARWcCos:fd:allow .
    chmod: invalid mode: `A=group@:rwxpdDaARWcCos:fd:allow'
    Try `chmod --help' for more information.

    Any thoughts would be appreciated. I’m on snv_134b
