Issue: Privileged (root) account required to access zpool imported from Mac OS/X. Just installed b119 bits onto my OS/X 10.5.5 system today in an attempt to share VirtualBox disk image files between my Mac and my OpenSolaris (2008.11 b99) laptop. Install worked well and I was able to create ZFS pools (v6 or v8) on USB memory sticks and drives on the Mac without issue. Unmounted the volume/pool, exported the pool, attached the drive to the laptop, and performed the zpool import. I learned that the uid/gid from the user account on the Mac gets embedded in the pool and the system attempts to use that information when mounting the filesystem. In this case, I created user/group accounts called "leopard" on the OpenSolaris side. As ''root'' user, I can see the pools mounted in /. drwxr-xr-x 4 leopard leopard 5 2008-10-17 01:39 a1g_pool drwxr-xrwx 5 leopard leopard 8 2008-10-16 17:02 a4g_pool If I run the same ''ls'' command as a normal, unprivileged user, the output is a lot different - ?????????? ? ? ? ? ? a1g_pool ?????????? ? ? ? ? ? a4g_pool A quick Google search turned up similar mentions of this issue over the past 6 months with sharing pools with FreeBSD and others, but no resolutions. I tried changing ACL-related properties, but I think the issue is more basic and intrinsic to the settings of the base pool. Below is also a list of the settings reported from a ''zfs get all a1g_pool'' command - NAME PROPERTY VALUE SOURCE a1g_pool type filesystem - a1g_pool creation Fri Oct 17 1:39 2008 - a1g_pool used 314K - a1g_pool available 952M - a1g_pool referenced 270K - a1g_pool compressratio 1.00x - a1g_pool mounted yes - a1g_pool quota none default a1g_pool reservation none default a1g_pool recordsize 128K default a1g_pool mountpoint /a1g_pool default a1g_pool sharenfs off default a1g_pool checksum on default a1g_pool compression off default a1g_pool atime on default a1g_pool devices on default a1g_pool exec on default a1g_pool setuid on default a1g_pool readonly off default a1g_pool zoned off default a1g_pool snapdir hidden default a1g_pool aclmode groupmask default a1g_pool aclinherit restricted default a1g_pool canmount on default a1g_pool shareiscsi off default a1g_pool xattr on default a1g_pool copies 1 default a1g_pool version 1 - a1g_pool utf8only off - a1g_pool normalization none - a1g_pool casesensitivity sensitive - a1g_pool vscan off default a1g_pool nbmand off default a1g_pool sharesmb off default a1g_pool refquota none default a1g_pool refreservation none default a1g_pool primarycache all default a1g_pool secondarycache all default -- Todd E. Moore Sun Microsystems Incorporated 443.516.4002 AIM: toddmoore72462 _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
Todd E. Moore
2008-Oct-17 16:07 UTC
Re: Why does ZFS pool require root privileges to access?
Additional Information after continuing to tinker: After importing the zpool, if I use "root" to manually ''chmod'' the file permissions on the zpool''s mount point, then non-privilege users can access the pool. This alone doesn''t solve the problem since all files in the pool need to be similarly updated. If I create the zpool on OpenSolaris (using -o version=6 for compatiblity), the Mac OS/X system is able to mount the volume but the default user/group is "root:wheel". Attempts to alter the permissions using "Finder", copy files into the pool, and unmount/export the pool result in a ''busy'' device message from "Finder" during the unmount which necessitates a system reboot (system hang/crash if attempt to simply remove the USB device). Thinking that the issue may be related to "xattr", I attempted to disable "xattr" on the pool using ''zfs set xattr=off''. This did not alter the behavior in any way. Todd E. Moore wrote: Issue: Privileged (root) account required to access zpool imported from Mac OS/X. Just installed b119 bits onto my OS/X 10.5.5 system today in an attempt to share VirtualBox disk image files between my Mac and my OpenSolaris (2008.11 b99) laptop. Install worked well and I was able to create ZFS pools (v6 or v8) on USB memory sticks and drives on the Mac without issue. Unmounted the volume/pool, exported the pool, attached the drive to the laptop, and performed the zpool import. I learned that the uid/gid from the user account on the Mac gets embedded in the pool and the system attempts to use that information when mounting the filesystem. In this case, I created user/group accounts called "leopard" on the OpenSolaris side. As ''root'' user, I can see the pools mounted in /. drwxr-xr-x 4 leopard leopard 5 2008-10-17 01:39 a1g_pool drwxr-xrwx 5 leopard leopard 8 2008-10-16 17:02 a4g_pool If I run the same ''ls'' command as a normal, unprivileged user, the output is a lot different - ?????????? ? ? ? ? ? a1g_pool ?????????? ? ? ? ? ? a4g_pool A quick Google search turned up similar mentions of this issue over the past 6 months with sharing pools with FreeBSD and others, but no resolutions. I tried changing ACL-related properties, but I think the issue is more basic and intrinsic to the settings of the base pool. Below is also a list of the settings reported from a ''zfs get all a1g_pool'' command - NAME PROPERTY VALUE SOURCE a1g_pool type filesystem - a1g_pool creation Fri Oct 17 1:39 2008 - a1g_pool used 314K - a1g_pool available 952M - a1g_pool referenced 270K - a1g_pool compressratio 1.00x - a1g_pool mounted yes - a1g_pool quota none default a1g_pool reservation none default a1g_pool recordsize 128K default a1g_pool mountpoint /a1g_pool default a1g_pool sharenfs off default a1g_pool checksum on default a1g_pool compression off default a1g_pool atime on default a1g_pool devices on default a1g_pool exec on default a1g_pool setuid on default a1g_pool readonly off default a1g_pool zoned off default a1g_pool snapdir hidden default a1g_pool aclmode groupmask default a1g_pool aclinherit restricted default a1g_pool canmount on default a1g_pool shareiscsi off default a1g_pool xattr on default a1g_pool copies 1 default a1g_pool version 1 - a1g_pool utf8only off - a1g_pool normalization none - a1g_pool casesensitivity sensitive - a1g_pool vscan off default a1g_pool nbmand off default a1g_pool sharesmb off default a1g_pool refquota none default a1g_pool refreservation none default a1g_pool primarycache all default a1g_pool secondarycache all default -- Todd E. Moore Sun Microsystems Incorporated 443.516.4002 AIM: toddmoore72462 _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss -- Todd E. Moore Sun Microsystems Incorporated 443.516.4002 AIM: toddmoore72462 _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
Todd E. Moore
2008-Oct-17 16:18 UTC
Re: Why does ZFS pool require root privileges to access?
Additional Information after continuing to tinker: After importing the zpool, if I use "root" to manually ''chmod'' the file permissions on the zpool''s mount point, then non-privilege users can access the pool. This alone doesn''t solve the problem since all files in the pool need to be similarly updated. If I create the zpool on OpenSolaris (using -o version=6 for compatiblity), the Mac OS/X system is able to mount the volume but the default user/group is "root:wheel". Attempts to alter the permissions using "Finder", copy files into the pool, and unmount/export the pool result in a ''busy'' device message from "Finder" during the unmount which necessitates a system reboot (system hang/crash if attempt to simply remove the USB device). Thinking that the issue may be related to "xattr", I attempted to disable "xattr" on the pool using ''zfs set xattr=off''. This did not alter the behavior in any way. Todd E. Moore wrote: Issue: Privileged (root) account required to access zpool imported from Mac OS/X. Just installed b119 bits onto my OS/X 10.5.5 system today in an attempt to share VirtualBox disk image files between my Mac and my OpenSolaris (2008.11 b99) laptop. Install worked well and I was able to create ZFS pools (v6 or v8) on USB memory sticks and drives on the Mac without issue. Unmounted the volume/pool, exported the pool, attached the drive to the laptop, and performed the zpool import. I learned that the uid/gid from the user account on the Mac gets embedded in the pool and the system attempts to use that information when mounting the filesystem. In this case, I created user/group accounts called "leopard" on the OpenSolaris side. As ''root'' user, I can see the pools mounted in /. drwxr-xr-x 4 leopard leopard 5 2008-10-17 01:39 a1g_pool drwxr-xrwx 5 leopard leopard 8 2008-10-16 17:02 a4g_pool If I run the same ''ls'' command as a normal, unprivileged user, the output is a lot different - ?????????? ? ? ? ? ? a1g_pool ?????????? ? ? ? ? ? a4g_pool A quick Google search turned up similar mentions of this issue over the past 6 months with sharing pools with FreeBSD and others, but no resolutions. I tried changing ACL-related properties, but I think the issue is more basic and intrinsic to the settings of the base pool. Below is also a list of the settings reported from a ''zfs get all a1g_pool'' command - NAME PROPERTY VALUE SOURCE a1g_pool type filesystem - a1g_pool creation Fri Oct 17 1:39 2008 - a1g_pool used 314K - a1g_pool available 952M - a1g_pool referenced 270K - a1g_pool compressratio 1.00x - a1g_pool mounted yes - a1g_pool quota none default a1g_pool reservation none default a1g_pool recordsize 128K default a1g_pool mountpoint /a1g_pool default a1g_pool sharenfs off default a1g_pool checksum on default a1g_pool compression off default a1g_pool atime on default a1g_pool devices on default a1g_pool exec on default a1g_pool setuid on default a1g_pool readonly off default a1g_pool zoned off default a1g_pool snapdir hidden default a1g_pool aclmode groupmask default a1g_pool aclinherit restricted default a1g_pool canmount on default a1g_pool shareiscsi off default a1g_pool xattr on default a1g_pool copies 1 default a1g_pool version 1 - a1g_pool utf8only off - a1g_pool normalization none - a1g_pool casesensitivity sensitive - a1g_pool vscan off default a1g_pool nbmand off default a1g_pool sharesmb off default a1g_pool refquota none default a1g_pool refreservation none default a1g_pool primarycache all default a1g_pool secondarycache all default -- Todd E. Moore Sun Microsystems Incorporated 443.516.4002 AIM: toddmoore72462 -- Todd E. Moore Sun Microsystems Incorporated 443.516.4002 AIM: toddmoore72462 _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss