ACLs and CIFS under OpenSolaris
One of the issues with running a file server in the home is the fact that you have multiple computers and accounts (the wife, the kids etc) accessing the same directory trees. The default user/group works pretty well as you have effectively a single group for family access. Different groups are used for more computer based access needs such as server to server communication. However I found that the kernel CIFS doesn’t create files with proper access very well using the standard UNIX permissions.
ACLs are the solution in this case.
# zfs create -o casesensitivity=mixed -o sharesmb=name=storage -o quota=275G usbpool/storage
# cd /usbpool/storage
# chgrp home .
# chmod A=group@:rwxpdDaARWcCos:fd:allow .
Now when you create a new folder or files under this CIFS folder it creates them with the group permissions. I leave everyone in the same group and can add the secondary group as necessary for different shares needing permissions.
When users create files they are created with:
----rwx---+ 1 me home 7930 Feb 7 2008 test.txt
And when they create directories they are:
d---rwx---+ 2 me home 3 Feb 9 22:10 OpenSolaris
Doable and functional. I still wish there was better documentation that I could find around the ACL permissions and how they work. I’m doing testing and I know I’m missing things.
In: OpenSolaris · Tagged with: ACL, CIFS, NFSv4, OpenSolaris
on 10 March 2009 at 11:12 pm
Permalink
i had the same problems. in addition to setting the ACL, i also had to enable acl inheritance through:
zfs set aclinherit=passthrough usbpool/storage
also i made bad experiences with casesensitivity=mixed: if there’s a file “File1.txt”, and an unix user creates a file “file1.txt”, both filenames are “renamed” for CIFS access. casesensitivity=insensitive works much better for me.