"NFS" in this case is referring to NFSv4-style ACLs vs Posix-style ACLs. In
general, I believe the best way to manage ZFS ACLS is to enable the
"zfsacl" VFS module, chown the root directory of the share so that it's
owned the user you'll be doing admin from. Then in Windows File Explorer
navigate to \\<samba server>, right-click on the share, click properties,
click on the security tab, and fine-tune the ACL as needed.
Other methods of modifying ACLs on your NAS4Free server are the command
line utilities "smbcacls" and "setfacl", but using a windows client is
probably the best way of doing this. "getfacl" can be used to view ACLs.
Since you're dealing with ZFS ACLs, it might also be a good idea to set the
"aclmode" property of the dataset you're sharing via samba to "restricted".
The comand to do this is "zfs set aclmode=restricted <pool>/<dataset>"
(i.e. "zfs set aclmode=restricted Tank/Samba"). This will cause chmod to
return an error when used on any file or directory which has a non-trivial
ACL whose entries cannot be represented by a mode. In short, it prevents
chmod from breaking your ACLs.
Post by L.P.H. van BelleI dont know much about Solaris, but i found this.
the uid has to match numerically
the gid has to match numerically
the NSF mount has to support the ACL operations, e.g., if the ACL grants
write, but the remote file system is read-only then the ACL can not be
honored.
http://nfs.sourceforge.net/nfs-howto/ar01s06.html
Greetz,
Louis
-----Oorspronkelijk bericht-----
Verzonden: woensdag 3 augustus 2016 19:45
Onderwerp: Re: [Samba] frustrations with shares
On Solaris at least , ZFS is using NFS acl's not posix. (not sure
how different the two are.) I did find that setting file permissions
in solaris wouldn't always behave as I expected. (Samba was compiled
with ZFS support.) Sometimes easier to make your self the owner of the
directory then set the permissions via windows.
Post by L.P.H. van BelleA "good" acl manual.
http://www.vanemery.com/Linux/ACL/linux-acl.html
As i do prefeer the debian os, but i do really like the archlinux wiki.
https://wiki.archlinux.org/index.php/Access_Control_Lists
Greetz,
Louis
-----Oorspronkelijk bericht-----
Verzonden: dinsdag 2 augustus 2016 13:55
Aan: 'David Bear'
CC: 'samba'
Onderwerp: Re: [Samba] frustrations with shares
Do you have a good doc that you can point me to?
Sincerely,
Frank
Sent: Saturday, July 30, 2016 10:46 PM
Subject: Re: [Samba] frustrations with shares
using posix acls?
On Wed, Jul 27, 2016 at 10:47 AM, Frank Kahle <
I am trying to allow users with permissions in one group (DEV) to have full
access to a folder that is owned by (QA). I have not been able to
figure
Post by L.P.H. van Bellethis out. Its running samba 4.2 in WORKGROUP mode (I can find
everything
Post by L.P.H. van Bellefor domain but I am not ready for that). Its running on freebsd on the
latest nas4free build NAS with a ZFS file system..
Thanks in advance
Frank Kahle
FileCatalyst | Unlimi-Tech Software
Recipient of the 66th Annual Technology and Engineering EmmyR Award
+ 1 613 667 2439 ext 114
<tel:1%20613%20667%202439%20%20%20%20%20%20%20%20%20%20%20%
20%20%20%20%20e
Post by L.P.H. van Bellext%20114>
1 877 327 9387 <tel:1%20877%20327%209387>
NA toll-free
1 613 986 4896 <tel:1%20613%20986%204896>
mobile
<http://www.filecatalyst.com> www.filecatalyst.com
<http://www.filecatalyst.com>
1725 St. Laurent Blvd, #205
Ottawa, On
K1G 3V4
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
David Bear
mobile: (602) 903-6476
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba