My CIFS on ZFS ACL

July 20, 08 by cjgibbs

So if you didn’t quite understand that subject, it means this post is about the ACL (access control list) I am using on my CIFS (common internet file system) shared ZFS (zetta file system). I’m fairly new to ACLs myself, but Ben Rockwood wrote an extremely helpful post about them, so go check it out!

On to the subject of this post: if you share a ZFS filesystem with CIFS and create new entries from a Windows computer (as one might do for a home file server), the resulting entries have zero permissions. For example, this is the ls -l result for a directory and a text file created from a Windows system:

d---------+  2 peemus   staff          2 Jul 20 20:50 blee
----------+  1 peemus   staff          0 Jul 20 20:50 bloo.txt

Notice the +. It signifies that the entry has extended attributes (see Ben’s post). These are the attributes inherited from some Microsoft leprechaun on the Windows machine, instead of the attributes of the parent entry. This is most annoying if you like to browse your data from the server side as well as from the Windows side. So to fix this, I created a custom ACL that, when applied to the root shared directory, forces child entries to inherit the correct permissions. The example entries would now look like:

drwxr-xr-x+  2 peemus   staff          2 Jul 20 20:58 blee
-rw-r--r--+  1 peemus   staff          0 Jul 20 20:58 bloo.txt

To make this happen just use chmod like so (and of course with -R if you want it to recursively apply the ACL):

chmod A=\
owner@:w:d:allow,\
owner@:w:f:allow,\
everyone@:rxpdDaARWcCos:d:allow,\
everyone@:rpdDaARWcCos:f:allow \
mySharedDir/

Of course you can change the permissions to be whatever you want.
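
Before changing the letters, it helps to see what each entry actually grants. The Python below is an added example, not part of the original post: it parses the ACL string from the chmod command above, expands the compact permission letters, works out the rwx string that ls -l shows for new directories and files, and lists the rights given to everyone@ that ls -l never displays. The function names are hypothetical, and it assumes an allow-only ACL on a dataset that passes inherited entries through unchanged.

```python
# Compact permission letters used by Solaris chmod and ls -V.
PERMS = {
    "r": "read_data", "w": "write_data", "x": "execute", "p": "append_data",
    "d": "delete", "D": "delete_child", "a": "read_attributes",
    "A": "write_attributes", "R": "read_xattr", "W": "write_xattr",
    "c": "read_acl", "C": "write_acl", "o": "write_owner", "s": "synchronize",
}
# Rights that allow changing or removing objects without the 'w' bit.
RISKY = {"delete", "delete_child", "write_attributes", "write_xattr",
         "write_acl", "write_owner"}

# The ACL from the post, as the single string chmod receives after "A=".
POST_ACL = ("owner@:w:d:allow,owner@:w:f:allow,"
            "everyone@:rxpdDaARWcCos:d:allow,everyone@:rpdDaARWcCos:f:allow")

def parse_acl(spec):
    """Split who:perms:inherit:type entries into dictionaries."""
    entries = []
    for ace in spec.split(","):
        who, perms, inherit, kind = ace.strip().split(":")
        entries.append({"who": who, "inherit": inherit, "type": kind,
                        "perms": {PERMS[c] for c in perms if c != "-"}})
    return entries

def inherited(entries, flag):
    """ACEs a new child receives: flag 'd' for directories, 'f' for files."""
    return [e for e in entries if flag in e["inherit"]]

def mode_string(entries):
    """rwx triplets for an allow-only ACL (simplification: no deny entries)."""
    def granted(who):
        sets = [e["perms"] for e in entries
                if e["type"] == "allow" and e["who"] in (who, "everyone@")]
        return set().union(*sets)
    bits = (("read_data", "r"), ("write_data", "w"), ("execute", "x"))
    return "".join(ch if name in granted(who) else "-"
                   for who in ("owner@", "group@", "everyone@")
                   for name, ch in bits)

def risky_for_everyone(entries):
    """Sensitive rights granted to everyone@ that ls -l does not display."""
    sets = [e["perms"] & RISKY for e in entries
            if e["who"] == "everyone@" and e["type"] == "allow"]
    return sorted(set().union(*sets))

if __name__ == "__main__":
    acl = parse_acl(POST_ACL)
    for label, flag in (("directory", "d"), ("file", "f")):
        child = inherited(acl, flag)
        print(label, mode_string(child), risky_for_everyone(child))
```

The mode strings match the ls -l output shown earlier, but the everyone@ entries also carry delete, write_acl and write_owner, so drop the letters d, D, A, W, C and o from those entries if other users should only be able to read.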
