[OmniOS-discuss] ZFS ACL Solaris CIFS and Windows client

Günther Alka alka at hfg-gmuend.de
Tue Apr 28 17:22:34 UTC 2015 

Lets’s begin with ZFS properties
- aclinhert: passthrough
- aclmode: does not matter for CIFS 

Next, set idmappings
- in Workgroup mode: do not set any user mappings (only group mappings)
- in Domain mode: set domainadmins => root

Next: join AD Domain (for domain mode)

Next: SMB connect
- use root (requires a passwd root to generate s SMB password) or
- use an Domain Admin account (requires the idmapping to root)

Windows version:
- you need Windows Pro or Windows server (no home edition)

Now you should be able to set ownership and ACL on files and folders.

If you want to set ACL on shares, you must
- SMB connect as a user that is a member of the Administrators group
- use Computer Management on Windows and connect OmniOS


Gea


> Am 28.04.2015 um 14:09 schrieb Sebastian Gabler <sequoiamobil at gmx.net>:
> 
> Hi,
> 
> I am a bit stuck in getting my ACL management straight for the CIFS shares I run. What I would like to do is to set all the ACLs from Windows. What does not work right now is to assign ownership to a sharepoint or an object below it to a different user, i.e. to set ownership as the Domain Administrator to a specific user. I get an error message that a "Restore" privilege would be missing, but the error message is unclear if that applies to the current context (Domain Administrator), or the prospective owner. I can set full control for that user, however.
> Specifically,
> 1. I am wondering how to get, from my illumos machine, the privileges applicable on an object for a certain user.
> 2. finding out what is required to take/provide ownership, specifically of a sharepoint, from Windows, (ACLs, idmap, ZFS acl modes and inhertiance modes, etc), and in what hierarchy things apply.
> I am aware that this may be a FAQ, but I didn't find comprehensive documentation on the matter. The Oracle docs are focussed to explain how things work from the Solaris side, most HowTos that include the Windows side are not deep enough.
> 
> Thanks for any hints.
> 
> With best regards,
> 
> Sebastian
> _______________________________________________
> OmniOS-discuss mailing list
> OmniOS-discuss at lists.omniti.com
> http://lists.omniti.com/mailman/listinfo/omnios-discuss

More information about the OmniOS-discuss mailing list