[Samba] zfs acls and MS office applications

Tom Lieuallen toml at engr.orst.edu
Tue Oct 20 20:01:26 MDT 2009 

I'm trying to use zfs acls in solaris 10.  I've looked at past posts 
regarding this and some online help, but am stuck.  I'm currently using 
samba 3.3.9; I've had the same problem with 3.3.7.  samba is compiled 
and running as an Active Directory member server (compiled with ldap and 
kerberos).  The zfs disk is local.  I'm not using winbind.  I compiled 
with zfsacl module.

Permissions appear just fine in solaris.  Plus I can read/write with 
notepad and use other applications such as acrobat.  However, Microsoft 
Office 2007 won't open or save files.  I haven't tried other versions of 
Office; they're not handy.

The following is the configuration for the share:

[testzfs]
     comment  = test
     path     = /moe2
     browseable = true
     public   = false
     writable = true
     inherit permissions = yes
     acl check permissions = False
     vfs objects = zfsacl
     inherit acls = yes
     nfs4: mode = simple
     nfs4: acedup = merge
     zfsacl: acesort = dontcare
     map archive = no
     map hidden = no
     map read only = no
     map system = no

The zfs permissions I'm testing look like this.  This is for the parent 
directory; files within have the same permissions (sans the inheritance).


moe-lh /moe2/office/student_workers 546# ls -vd .
drwxrws---+  2 toml     cefac          5 Oct 20 18:36 ./
      0:group:cefac:list_directory/read_data/add_file/write_data
          /add_subdirectory/append_data/write_xattr/execute/write_attributes
          /write_acl/write_owner:file_inherit/dir_inherit/inherit_only:allow
      1:group:cefac:list_directory/read_data/add_file/write_data
          /add_subdirectory/append_data/write_xattr/execute/write_attributes
          /write_acl/write_owner:allow
      2:group:ceoffstu:list_directory/read_data/add_file/write_data
          /add_subdirectory/append_data/write_xattr/execute/write_attributes
          /write_acl/write_owner:file_inherit/dir_inherit/inherit_only:allow
      3:group:ceoffstu:list_directory/read_data/add_file/write_data
          /add_subdirectory/append_data/write_xattr/execute/write_attributes
          /write_acl/write_owner:allow
      4:group:ceoffstu:list_directory/read_data/add_file/write_data
          /add_subdirectory/append_data/write_xattr/execute/write_attributes
          /write_acl/write_owner:allow
      5:owner@::deny
      6:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
          /append_data/write_xattr/execute/write_attributes/write_acl
          /write_owner:allow
      7:group@::deny
      8:group@:list_directory/read_data/add_file/write_data/add_subdirectory
          /append_data/execute:allow
      9:everyone@:list_directory/read_data/add_file/write_data
          /add_subdirectory/append_data/write_xattr/execute/write_attributes
          /write_acl/write_owner:deny
      10:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow


thank you

Tom Lieuallen
Oregon State University

More information about the samba mailing list