It's Just Another Layer » NFSv4 http://itsjustanotherlayer.com Virtualization is a layer in software. What are you abstracting away from? Fri, 30 Jul 2010 16:38:21 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 ACLs and CIFS under OpenSolaris http://itsjustanotherlayer.com/2009/02/acls-and-cifs-under-opensolaris/ http://itsjustanotherlayer.com/2009/02/acls-and-cifs-under-opensolaris/#comments Tue, 10 Feb 2009 04:22:39 +0000 iguy http://itsjustanotherlayer.com/?p=104 One of the issues with running a file server in the home is the fact that you have multiple computers and accounts (the wife, the kids etc) accessing the same directory trees. The default user/group works pretty well as you have effectively a single group for family access. Different groups are used for more computer based access needs such as server to server communication. However I found that the kernel CIFS doesn’t create files with proper access very well using the standard UNIX permissions.

ACLs are the solution in this case.

# zfs create -o casesensitivity=mixed -o sharesmb=name=storage -o quota=275G usbpool/storage
# cd /usbpool/storage
# chgrp home .
# chmod A=group@:rwxpdDaARWcCos:fd:allow .

Now when you create a new folder or files under this CIFS folder it creates them with the group permissions. I leave everyone in the same group and can add the secondary group as necessary for different shares needing permissions.

When users create files they are created with:

----rwx---+ 1 me home 7930 Feb 7 2008 test.txt

And when they create directories they are:

d---rwx---+ 2 me home 3 Feb 9 22:10 OpenSolaris

Doable and functional. I still wish there was better documentation that I could find around the ACL permissions and how they work. I’m doing testing and I know I’m missing things.

]]> http://itsjustanotherlayer.com/2009/02/acls-and-cifs-under-opensolaris/feed/ 1