samba - Jun 2014 - Proper unix ownership/Permissions for top level share

I am using zfs on linux to store my file shares on. When I create a new 
file system, they have the following permissions:

[root at server ~]# zfs create tank/testsystem
[root at server ~]# ls -Al /tank
drwxrwxrwx+  10 root    root   27 Jun  2 20:10 Software
drwxr-xr-x    2 root    root    2 Jun  3 07:43 testsystem

At this point, if I use the rsat and attempt to set ACL, I get 
permission denied. adding rwx to everyone, as the "software" system 
shows above, then the rsat work as expected (and i get the + indicating 
ACL has been set.)

However, having my root folder sitting with rwx is rubbing me the wrong 
way - I don't think that is how it should be.

Could someone elucidate for me what the proper unix 
ownership/permissions should be for my top level shares? Is there a set 
of acls I can apply on the unix side as part of my file system creation?

I am using Samba 4.1.7 previsioned as a primary domain controller 
(Active directory, not NT style)

-- 
JD Daniels

As far as I know, ZFS on Linux still doesn't support ACL.




On Tue, Jun 3, 2014 at 11:50 AM, JD Daniels <jd at internetguys.ca> wrote:
> I am using zfs on linux to store my file shares on. When I create a new
> file system, they have the following permissions:
>
> [root at server ~]# zfs create tank/testsystem
> [root at server ~]# ls -Al /tank
> drwxrwxrwx+  10 root    root   27 Jun  2 20:10 Software
> drwxr-xr-x    2 root    root    2 Jun  3 07:43 testsystem
>
> At this point, if I use the rsat and attempt to set ACL, I get permission
> denied. adding rwx to everyone, as the "software" system shows
above, then
> the rsat work as expected (and i get the + indicating ACL has been set.)
>
> However, having my root folder sitting with rwx is rubbing me the wrong
> way - I don't think that is how it should be.
>
> Could someone elucidate for me what the proper unix ownership/permissions
> should be for my top level shares? Is there a set of acls I can apply on
> the unix side as part of my file system creation?
>
> I am using Samba 4.1.7 previsioned as a primary domain controller (Active
> directory, not NT style)
>
> --
> JD Daniels
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>