Re: [zfs-discuss] ZFS Export, Import = Windows sees wrong groups in ACLs

Sat, 12 Sep 2009 20:18:43 -0700 

> How are the parent and kids defined in the /etc/passwd file?

These two are parents (names changed) :

Dad:x:101:10:Dad:/export/home/Dad:/bin/bash
Mom:x:102:1::/home/Mom:/bin/sh

and these are the kids:

Kid_a:x:103:1::/home/Kid_a:/bin/sh
Kid_b:x:104:1::/home/Kid_b:/bin/sh
Kid_c:x:105:1::/home/Kid_c:/bin/sh

You didn't ask, but here is what the groups look like in the /etc/group file:

kids::101:
parents::102:
family::103:

> What do the ACLs look like?

The ACL for my music folder, for example, is:

dr-xr-xr-x+246 root     root         246 Aug 26 00:16 music
              everyone@:r-x---a-R-c--s:fd-----:allow
             group:kids:rwxpdDaARWcCos:fd-----:allow

When I went in and edited the /etc/group file so parents were GID 101 and kids 
were GID 102, OSOL happlily reported the ACL as:

dr-xr-xr-x+246 root     root         246 Aug 26 00:16 music
              everyone@:r-x---a-R-c--s:fd-----:allow
             group:parents:rwxpdDaARWcCos:fd-----:allow

but Windows continued to report that the kids had permissions.  Having read a 
bit more I know ZFS stores the full ACL with SID.  This must then get mapped, 
somehow, to UNIX UIDs and GIDs and mapped a second time to CIFS users or 
groups.  The experiment above shows that the two mappings seem to be 
independant; the name Windows determines for a SID does not rely at all on UNIX 
GIDs or SIDs.

> Issues with the CIFS server are best served by asking on 
> cifs-discuss at opensolaris dot org

So I guess what this leads me to is that you are right, I'm not really asking 
about ZFS or the actual ACLs and SIDs but rather how and where the mapping from 
ZFS SID to CIFS user/group name happens.  That is obviously a topic for 
CIFS-Discuss.

BTW, I gave up and just "chmod -R ..." to set the permissions back how I wanted 
them.  It was still a real pain to do it that way because ZFS won't allow you 
to remove the last non-inherited ACL from a file or folder.  Meanwhile, it will 
happily let Windows do just that if you are setting the permissions from 
there... frustrating.

Thanks for the reply,
Owen Davies
-- 
This message posted from opensolaris.org
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss

Reply via email to