[Samba] frustrations with shares

Thu Aug 4 16:40:56 UTC 2016

"NFS" in this case is referring to NFSv4-style ACLs vs Posix-style ACLs. In
general, I believe the best way to manage ZFS ACLS is to enable the
"zfsacl" VFS module, chown the root directory of the share so that it's
owned the user you'll be doing admin from. Then in Windows File Explorer
navigate to \\<samba server>, right-click on the share, click properties,
click on the security tab, and fine-tune the ACL as needed.

Other methods of modifying ACLs on your NAS4Free server are the command
line utilities "smbcacls" and "setfacl", but using a windows client is
probably the best way of doing this. "getfacl" can be used to view ACLs.

Since you're dealing with ZFS ACLs, it might also be a good idea to set the
"aclmode" property of the dataset you're sharing via samba to "restricted".
The comand to do this is "zfs set aclmode=restricted <pool>/<dataset>"
(i.e. "zfs set aclmode=restricted Tank/Samba"). This will cause chmod to
return an error when used on any file or directory which has a non-trivial
ACL whose entries cannot be represented by a mode. In short, it prevents
chmod from breaking your ACLs.

On Thu, Aug 4, 2016 at 1:33 AM, L.P.H. van Belle <belle at bazuin.nl> wrote:

> I dont know much about Solaris, but i found this.
>
> There are problems with ACL's across platforms:
> the uid has to match numerically
> the gid has to match numerically
> the NSF mount has to support the ACL operations, e.g., if the ACL grants
> write, but the remote file system is read-only then the ACL can not be
> honored.
> See:
> http://nfs.sourceforge.net/nfs-howto/ar01s06.html
>
>
> Greetz,
>
> Louis
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Gaiseric Vandal
> > Verzonden: woensdag 3 augustus 2016 19:45
> > Aan: samba at lists.samba.org
> > Onderwerp: Re: [Samba] frustrations with shares
> >
> > On Solaris at least , ZFS is using NFS acl's not posix.     (not sure
> > how different the two are.)    I did find that setting file permissions
> > in solaris wouldn't always behave as I expected.  (Samba was compiled
> > with ZFS support.) Sometimes easier to make your self the owner of the
> > directory then set the permissions via windows.
> >
> >
> >
> >
> > On 08/02/16 09:42, L.P.H. van Belle wrote:
> > > A "good" acl manual.
> > > http://www.vanemery.com/Linux/ACL/linux-acl.html
> > >
> > > As i do prefeer the debian os, but i do really like the archlinux wiki.
> > > https://wiki.archlinux.org/index.php/Access_Control_Lists
> > >
> > >
> > > Greetz,
> > >
> > > Louis
> > >
> > >
> > >
> > >> -----Oorspronkelijk bericht-----
> > >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Frank Kahle
> > >> Verzonden: dinsdag 2 augustus 2016 13:55
> > >> Aan: 'David Bear'
> > >> CC: 'samba'
> > >> Onderwerp: Re: [Samba] frustrations with shares
> > >>
> > >> Do you have a good doc that you can point me to?
> > >>
> > >>
> > >>
> > >> Sincerely,
> > >> Frank
> > >>
> > >>
> > >>
> > >> From: David Bear [mailto:dwbear75 at gmail.com]
> > >> Sent: Saturday, July 30, 2016 10:46 PM
> > >> To: Frank Kahle <fkahle at filecatalyst.com>
> > >> Cc: samba <samba at lists.samba.org>
> > >> Subject: Re: [Samba] frustrations with shares
> > >>
> > >>
> > >>
> > >> using posix acls?
> > >>
> > >>
> > >>
> > >> On Wed, Jul 27, 2016 at 10:47 AM, Frank Kahle <
> fkahle at filecatalyst.com
> > >> <mailto:fkahle at filecatalyst.com> > wrote:
> > >>
> > >> I am trying to allow users with permissions in one group (DEV) to have
> > >> full
> > >> access to a folder that is owned by (QA).  I have not been able to
> > figure
> > >> this out.  Its running samba 4.2 in WORKGROUP mode (I can find
> > everything
> > >> for domain but I am not ready for that). Its running on freebsd on the
> > >> latest nas4free build NAS with a ZFS file system..
> > >>
> > >>
> > >>
> > >> Thanks in advance
> > >>
> > >>
> > >>
> > >> Frank Kahle
> > >>
> > >> FileCatalyst | Unlimi-Tech Software
> > >>
> > >> Recipient of the 66th Annual Technology and Engineering EmmyR Award
> > >>
> > >> +             1 613 667 2439 ext 114
> > >>
> > <tel:1%20613%20667%202439%20%20%20%20%20%20%20%20%20%20%20%
> 20%20%20%20%20e
> > >> xt%20114>
> > >>
> > >>                  1 877 327 9387 <tel:1%20877%20327%209387>
> > >> NA toll-free
> > >>
> > >>                  1 613 986 4896 <tel:1%20613%20986%204896>
> > >> mobile
> > >>
> > >>
> > >>
> > >>   <http://www.filecatalyst.com> www.filecatalyst.com
> > >> <http://www.filecatalyst.com>
> > >>
> > >> 1725 St. Laurent Blvd, #205
> > >>
> > >> Ottawa, On
> > >>
> > >> K1G 3V4
> > >>
> > >>
> > >>
> > >> --
> > >> To unsubscribe from this list go to the following URL and read the
> > >> instructions:  https://lists.samba.org/mailman/options/samba
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >> --
> > >>
> > >> David Bear
> > >>
> > >> mobile: (602) 903-6476
> > >>
> > >>
> > >>
> > >> --
> > >> To unsubscribe from this list go to the following URL and read the
> > >> instructions:  https://lists.samba.org/mailman/options/samba
> > >
> > >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>