ZFS snapshots readable over samba - Permission

[Ira Cooper]

On Mon, Oct 3, 2011 at 7:14 PM, Jeremy Allison <jra at samba.org> wrote:

> On Mon, Oct 03, 2011 at 06:39:47PM -0400, Ira Cooper wrote:
> > Bobo:
> >
> > How are are the shares in samba exported?  On a per user basis or all of
> /usr/
> > home in one share?
> >
> > Also is there a reason why each user doesn't have their own ZFS
> subvolume?  It
> > makes quotas and general administration easier.
> >
> > Jeremy,
> >
> > Expected paths:
> >
> > /usr/home/foo/.profile ; foo's .profile
> > /usr/home/.zfs/snapshot/daily.0/.profile ; Foo's profile yesterday.
> (assuming
> > the snapshot is called daily.0)
> >
> > With subvolumes:
> >
> > /usr/home/foo/.profile ; foo's profile
> > /usr/home/foo/.zfs/snapshot/daily.0/.profile ; Foo's profile yesterday.
>
> Yes, the subvolume mechanism is the way to go. The non-subvolume
> case will run into the default "wide links = no" setting.
>

(re-reading)

It should be:

Expected paths:

/usr/home/foo/.profile ; foo's .profile
/usr/home/.zfs/snapshot/daily.0/foo/.profile ; Foo's profile yesterday.
(assuming the snapshot is called daily.0)

The other thing that can be done is to move the share's export point to the
/usr/home level.  Then there is only one share for all the users, and you
should get out of the wide-links problem.  Note: Security shouldn't depend
on what share they connect to, it should depend on the base OS level
security.  But the call is yours.

I'd still encourage you to look at sub volumes.  It is the "normal" way to
do this.  In fact a ZFS homedir server having 100's of volumes is far from
unheard of.  You'll be happy you did, when you run into the "disk space hog"
user.

Best of luck,

-Ira