heya, I''m attempting to set up a ZFS share to be served via Samba. I originally tried to use NFSv4, but hit a bump in the form of c*appy Windows client support, and the Hummingbird Maestro requires hclnfsd to be installed, which wouldn''t run properly on Sol10 etc.) Anyway, I''m sorry if this is a trivial question - I had a thorough read of the ZFS Administration guide and the chmod(1)/(2) man pages, and I''m still unsure how to set 777 with the sticky bit (i.e. 1777) on datastore (my shared ZFS pool). I''ve already set aclinherit=passthrough, and used "chmod -R 1777 /datastore", but any new filesystems in datastore I create are not writeable by everyone. Basically, it''s a public share, but I want to prevent people from deleting/renaming other people''s files. What would be the ACL syntax I should use? (Or a better way of doing this). Thanks, Victor This message posted from opensolaris.org
On Mar 9, 2007, at 1:35 AM, Victor Hooi wrote:> heya, > > I''m attempting to set up a ZFS share to be served via Samba. I > originally tried to use NFSv4, but hit a bump in the form of c*appy > Windows client support, and the Hummingbird Maestro requires > hclnfsd to be installed, which wouldn''t run properly on Sol10 etc.)This is odd. Hummingbird has tested NFSv4 with a Solaris 10 server and to my knowledge has never required the use of hclnfsd for that testing. Spencer> > Anyway, I''m sorry if this is a trivial question - I had a thorough > read of the ZFS Administration guide and the chmod(1)/(2) man > pages, and I''m still unsure how to set 777 with the sticky bit > (i.e. 1777) on datastore (my shared ZFS pool). > > I''ve already set aclinherit=passthrough, and used "chmod -R 1777 / > datastore", but any new filesystems in datastore I create are not > writeable by everyone. Basically, it''s a public share, but I want > to prevent people from deleting/renaming other people''s files. > > What would be the ACL syntax I should use? (Or a better way of > doing this). > > Thanks, > Victor > > > This message posted from opensolaris.org > _______________________________________________ > zfs-discuss mailing list > zfs-discuss at opensolaris.org > http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
On 3/9/07, Victor Hooi <victorhooi at yahoo.com> wrote:> I''ve already set aclinherit=passthrough, and used "chmod -R 1777 /datastore", but any new filesystems in datastore I create are not writeable by everyone. Basically, it''s a public share, but I want to prevent people from deleting/renaming other people''s files. >I assume that new filesystems are being created on the Solaris side using "zfs create". You will likely need to do a chmod immediately after that. I suspect that you really mean "any new directories are not writable by everyone." That is a different problem.> What would be the ACL syntax I should use? (Or a better way of doing this).If it is only samba access, you should probably look at using these parameters in smb.conf: force create mode force directory mode force directory security mode security mask While I haven''t tested this scenario, I would expect that you would be able to use the parameters above to achieve what you are trying to do regardless of which UNIXy file system is being used. Mike -- Mike Gerdts http://mgerdts.blogspot.com/