I only took a cursory look at the discussion below but I suspect
that vi isn't just overwriting the file.

If vi is saving a copy then doing an rm+rename thing, the ACL on
the "saved" file was either inherited from the parent directory
when the copy was saved or vi attempted to copy the permissions
from the original file but, because of NFS, the destination doesn't
quite get the same ACL.

Try changing the parent directory ACL such that the inheritable
ACEs look correct for newly created files, i.e. when you make a
new file over NFS, does the ACL turn out the way you want?
Then retry the scenario that's causing a problem.

Alan
--

On 07/01/09 18:55, Afshin Salek wrote:
I can't really explain the changes that happen to the file's
ACL using vi over NFS. I'm CC'ing zfs-discuss; maybe someone
there can help out.

Afshin

John Keiffer wrote:
Looks like this:

n...@leo-ha2:/$ ls -Vd ha2/f1/
drwxr-xr-x+  3 enguser  root           4 Jul  1 14:51 ha2/f1/
               user:smb:rwxp-D-ARW-Co-:-------:allow
               user:nfs:rwxp-D-ARW-Co-:-------:allow
                 owner@:--------------:-------:deny
                 owner@:rwxp---A-W-Co-:-------:allow
                 group@:-w-p----------:-------:deny
                 group@:r-x-----------:-------:allow
              everyone@:-w-p---A-W-Co-:-------:deny
              everyone@:r-x---a-R-c--s:-------:allow

Thanks,
John

-----Original Message-----
From: afshin.ardak...@sun.com [mailto:afshin.ardak...@sun.com]
Sent: Wednesday, July 01, 2009 6:17 PM
To: John Keiffer
Cc: cifs-disc...@opensolaris.org
Subject: Re: [cifs-discuss] [nfs-discuss] Why can't we write to files created in multi-protocol se

What does the ACL for 'f1' look like?

Afshin

John Keiffer wrote:
Well... I may have had an idmap problem before, which I believe I've now corrected. This is my current idmap config:

add     "wingroup:Domain us...@matrix.lab"      unixgroup:group2
add     winuser:engu...@matrix.lab      unixuser:enguser
wingroup:Domain adm...@matrix.lab       ==      gid:2147483650
wingroup:Authenticated Users    ==      gid:2147483651
wingroup:Network        ==      gid:2147483652
wingroup:administrat...@builtin ==      gid:2147483653


I still have some questions regarding access from both CIFS and NFS:

After stepping on the file from Linux and vi with the ! I believe it reordered the ACLs like this:

n...@leo-ha2:/$ ls -V ha2/f1/
total 2
----------+  1 enguser  group2         6 Jul  1 14:32 cifs.txt
           group:group2:rwxp----------:-------:deny
              everyone@:r-x--------Co-:-------:deny
           group:group2:-------------s:-------:allow
           user:enguser:rwxpdDaARWcCos:fd-----:allow
              everyone@:------a-R-c--s:-------:allow

Which means that when I try and access it from Windows I can't, because group2 has write deny (among other things). If I remove the user ACL and insert it at the beginning, I can write again from Windows...

n...@leo-ha2:/$ chmod A3- ha2/f1/cifs.txt

n...@leo-ha2:/$ chmod A0+user:enguser:rwxpdDaARWcCos:fd-----:allow ha2/f1/cifs.txt
n...@leo-ha2:/$ ls -V ha2/f1/
total 2
----------+  1 enguser  group2         6 Jul  1 14:32 cifs.txt
           user:enguser:rwxpdDaARWcCos:fd-----:allow
           group:group2:rwxp----------:-------:deny
              everyone@:r-x--------Co-:-------:deny
           group:group2:-------------s:-------:allow
              everyone@:------a-R-c--s:-------:allow

Until I ! save it again from Linux, because then the ACLs are changed (such that nobody can do much of anything because of the deny lines):

n...@leo-ha2:/$ ls -V ha2/f1/cifs.txt
----------   1 enguser  group2        27 Jul  1 14:48 ha2/f1/cifs.txt
                 owner@:rwxp----------:-------:deny
                 owner@:-------A-W-Co-:-------:allow
                 group@:rwxp----------:-------:deny
                 group@:--------------:-------:allow
              everyone@:rwxp---A-W-Co-:-------:deny
              everyone@:------a-R-c--s:-------:allow
_______________________________________________
cifs-discuss mailing list
cifs-disc...@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
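
The ordering effect described in the thread (a deny ACE for group2 ahead of the allow ACE for enguser), as an added example that is not part of the original messages: a minimal Python model of in-order NFSv4 ACE evaluation run over the ACLs quoted above. It assumes enguser is a member of group2 and that a write request needs write_data (w) and append_data (p).

```python
# ACLs constructed from the `ls -V` listings in the thread. Assumption:
# enguser is a member of group2 (implied by the thread, never stated).
BEFORE = """\
group:group2:rwxp----------:-------:deny
everyone@:r-x--------Co-:-------:deny
group:group2:-------------s:-------:allow
user:enguser:rwxpdDaARWcCos:fd-----:allow
everyone@:------a-R-c--s:-------:allow"""
_l = BEFORE.splitlines()
REORDERED = "\n".join([_l[3]] + _l[:3] + _l[4:])  # chmod A3- then chmod A0+
AFTER_VI = """\
owner@:rwxp----------:-------:deny
owner@:-------A-W-Co-:-------:allow
group@:rwxp----------:-------:deny
group@:--------------:-------:allow
everyone@:rwxp---A-W-Co-:-------:deny
everyone@:------a-R-c--s:-------:allow"""

def parse_ace(line):
    """Split an `ls -V` ACE line into (who, perms, flags, type)."""
    *who, perms, flags, kind = line.strip().split(":")
    return ":".join(who), set(perms) - {"-"}, set(flags) - {"-"}, kind

def matches(who, user, groups, owner, owning_group):
    if who == "everyone@":
        return True
    if who == "owner@":
        return user == owner
    if who == "group@":
        return owning_group in groups
    kind, name = who.split(":", 1)
    return name == user if kind == "user" else name in groups

def access(acl, wanted, user="enguser", groups=("group2",),
           owner="enguser", owning_group="group2"):
    """True if every permission letter in `wanted` is granted, in ACE order."""
    pending = set(wanted)
    for who, perms, flags, kind in map(parse_ace, acl.splitlines()):
        if "i" in flags or not matches(who, user, groups, owner, owning_group):
            continue              # inherit-only, or not addressed to this user
        if kind == "deny" and perms & pending:
            return False          # an undecided bit meets a deny first
        if kind == "allow":
            pending -= perms
        if not pending:
            return True
    return False                  # bits never granted stay denied
for name, acl in [("before", BEFORE), ("reordered", REORDERED), ("after vi", AFTER_VI)]:
    print(name, "write:", access(acl, "wp"))
```

The model covers only ACE ordering; it ignores privileges and any implicit rights the file system gives the owner.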
