I can't really explain the changes that happen to the file's
ACL using vi over NFS. I'm CC'ing zfs-discuss; maybe someone
there can help out.

Afshin

John Keiffer wrote:
Looks like this:

n...@leo-ha2:/$ ls -Vd ha2/f1/
drwxr-xr-x+  3 enguser  root           4 Jul  1 14:51 ha2/f1/
               user:smb:rwxp-D-ARW-Co-:-------:allow
               user:nfs:rwxp-D-ARW-Co-:-------:allow
                 owner@:--------------:-------:deny
                 owner@:rwxp---A-W-Co-:-------:allow
                 group@:-w-p----------:-------:deny
                 group@:r-x-----------:-------:allow
              everyone@:-w-p---A-W-Co-:-------:deny
              everyone@:r-x---a-R-c--s:-------:allow

Thanks,
John

-----Original Message-----
From: afshin.ardak...@sun.com [mailto:afshin.ardak...@sun.com]
Sent: Wednesday, July 01, 2009 6:17 PM
To: John Keiffer
Cc: cifs-disc...@opensolaris.org
Subject: Re: [cifs-discuss] [nfs-discuss] Why can't we write to files created 
in multi-protocol se

What does the ACL for 'f1' look like?

Afshin

John Keiffer wrote:
Well... I may have had an idmap problem before, which I believe I've now 
corrected. This is my current idmap config:

add     "wingroup:Domain us...@matrix.lab"      unixgroup:group2
add     winuser:engu...@matrix.lab      unixuser:enguser
wingroup:Domain adm...@matrix.lab       ==      gid:2147483650
wingroup:Authenticated Users    ==      gid:2147483651
wingroup:Network        ==      gid:2147483652
wingroup:administrat...@builtin ==      gid:2147483653


I still have some questions regarding access from both CIFS and NFS:

After stepping on the file from Linux and vi with the ! I believe it reordered 
the ACLs like this:

n...@leo-ha2:/$ ls -V ha2/f1/
total 2
----------+  1 enguser  group2         6 Jul  1 14:32 cifs.txt
           group:group2:rwxp----------:-------:deny
              everyone@:r-x--------Co-:-------:deny
           group:group2:-------------s:-------:allow
           user:enguser:rwxpdDaARWcCos:fd-----:allow
              everyone@:------a-R-c--s:-------:allow

Which means that when I try and access it from Windows I can't, because group2 
has write deny (among other things). If I remove the user ACL and insert it at 
the beginning, I can write again from Windows...

n...@leo-ha2:/$ chmod A3- ha2/f1/cifs.txt

n...@leo-ha2:/$ chmod A0+user:enguser:rwxpdDaARWcCos:fd-----:allow ha2/f1/cifs.txt
n...@leo-ha2:/$ ls -V ha2/f1/
total 2
----------+  1 enguser  group2         6 Jul  1 14:32 cifs.txt
           user:enguser:rwxpdDaARWcCos:fd-----:allow
           group:group2:rwxp----------:-------:deny
              everyone@:r-x--------Co-:-------:deny
           group:group2:-------------s:-------:allow
              everyone@:------a-R-c--s:-------:allow

Until I ! save it again from Linux, because then the ACLs are changed (such 
that nobody can do much of anything because of the deny lines):

n...@leo-ha2:/$ ls -V ha2/f1/cifs.txt
----------   1 enguser  group2        27 Jul  1 14:48 ha2/f1/cifs.txt
                 owner@:rwxp----------:-------:deny
                 owner@:-------A-W-Co-:-------:allow
                 group@:rwxp----------:-------:deny
                 group@:--------------:-------:allow
              everyone@:rwxp---A-W-Co-:-------:deny
              everyone@:------a-R-c--s:-------:allow
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
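
An added illustration, not part of the original thread: a simplified ordered ACE evaluation run over the three cifs.txt listings quoted above, showing which entry decides a write_data (w) request. It assumes enguser is a member of group2 and owns the file, and it ignores privileges and any implicit owner rights; the function and constant names are made up for this example.

```python
import re

# ACE lines copied from the `ls -V` listings quoted in the thread.
ACL_REORDERED = """
group:group2:rwxp----------:-------:deny
everyone@:r-x--------Co-:-------:deny
group:group2:-------------s:-------:allow
user:enguser:rwxpdDaARWcCos:fd-----:allow
everyone@:------a-R-c--s:-------:allow
"""
ACL_USER_FIRST = """
user:enguser:rwxpdDaARWcCos:fd-----:allow
group:group2:rwxp----------:-------:deny
everyone@:r-x--------Co-:-------:deny
group:group2:-------------s:-------:allow
everyone@:------a-R-c--s:-------:allow
"""
ACL_AFTER_SAVE = """
owner@:rwxp----------:-------:deny
owner@:-------A-W-Co-:-------:allow
group@:rwxp----------:-------:deny
group@:--------------:-------:allow
everyone@:rwxp---A-W-Co-:-------:deny
everyone@:------a-R-c--s:-------:allow
"""
ACE = re.compile(r"^\s*(?:(user|group):)?([^:\s]+):([A-Za-z-]+):([A-Za-z-]+):(allow|deny)\s*$")

def parse_acl(text):
    """Return [((kind, name), perms, flags, type)] for each ACE line."""
    out = []
    for m in filter(None, map(ACE.match, text.splitlines())):
        kind, name, perms, flags, typ = m.groups()
        out.append(((kind, name), set(perms) - {"-"}, flags, typ))
    return out

def check(aces, wanted, user, groups, owner, fgroup):
    """Walk ACEs in order; return (granted, index of the deciding ACE)."""
    todo = set(wanted)
    for i, ((kind, name), perms, flags, typ) in enumerate(aces):
        match = (name == "everyone@" or (name == "owner@" and user == owner)
                 or (name == "group@" and fgroup in groups)
                 or (kind == "user" and name == user)
                 or (kind == "group" and name in groups))
        if not match or "i" in flags:   # inherit-only ACEs do not apply to the object itself
            continue
        if typ == "deny" and todo & perms:
            return False, i             # a matching deny ends the walk
        if typ == "allow":
            todo -= perms
            if not todo:
                return True, i
    return False, None                  # never granted: denied
```

Calling `check(parse_acl(ACL_REORDERED), "w", "enguser", {"group2"}, "enguser", "group2")` reports entry 0 as the deciding deny, while the same call on `ACL_USER_FIRST` is granted by entry 0.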
