<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">On 05/10/2013 05:08 PM, Natxo Asenjo
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAHBEJzX7sj1RPBwucWnRbWB5pB807FDaLsfG3Q7Z6dPOfeHwbw@mail.gmail.com"
      type="cite">
      <div class="gmail_quote">On Fri, May 10, 2013 at 4:17 PM, Natxo
        Asenjo <span dir="ltr">&lt;<a moz-do-not-send="true"
            href="mailto:natxo.asenjo@gmail.com" target="_blank">natxo.asenjo@gmail.com</a>&gt;</span>
        wrote:<br>
        <blockquote class="gmail_quote" style="margin:0 0 0
          .8ex;border-left:1px #ccc solid;padding-left:1ex">
          <div class="gmail_quote">hi Siggi,
            <div class="im"><br>
              <br>
              On Fri, May 10, 2013 at 3:47 PM, Sigbjorn Lie <span
                dir="ltr">&lt;<a moz-do-not-send="true"
                  href="mailto:sigbjorn@nixtra.com" target="_blank">sigbjorn@nixtra.com</a>&gt;</span>
              wrote:<br>
              <blockquote class="gmail_quote" style="margin:0 0 0
                .8ex;border-left:1px #ccc solid;padding-left:1ex">
                <div text="#000000" bgcolor="#FFFFFF">
                  <div>Hi,<br>
                    <br>
                    Did you set aclmode to passthrough too?<br>
                    <br>
                  </div>
                </div>
              </blockquote>
            </div>
          </div>
          <br>
          no but I just tried it and the linux nfsv4 client still
          ignores the inheritance:<br>
          <br>
          # zfs get all tank/testshare | grep acl<br>
          tank/testshare  aclmode               passthrough            
          local<br>
          tank/testshare  aclinherit            passthrough            
          local<br>
          <br>
        </blockquote>
        <div><br>
          following up, I found this: <a moz-do-not-send="true"
            href="https://www.illumos.org/issues/3571">https://www.illumos.org/issues/3571</a><br>
          <br>
          and setting <br>
          <br>
          # zfs set aclmode=restricted tank/testshare<br>
          <br>
          seems to do the trick from the linux client side.<br>
          <br>
          I need to test it a bit further.<br>
          <br>
        </div>
      </div>
    </blockquote>
    <br>
    Hi,<br>
    <br>
    I was testing this a while back and had similar issues to you. I
    ended up setting both aclmode and aclinherit to passthrough, and
    setting a different ACL than what you've done.  I have pasted my
    setup below. This allows access from both Linux and Windows to the
    same files, with access mainly controlled by the LDAP group
    "ldap_group". Files created by nfs clients also generate the owner@
    group@ and everyone@, this has not been an issue for me. Files can
    still be accessed from both Linux and Windows.<br>
    <br>
    This is on NexentaStor, which still does not have support for
    aclmode=restricted. It seems like aclmode=restricted would also do
    the trick, from what I can read about aclmode=restricted.<br>
    <br>
    NAME        PROPERTY    VALUE          SOURCE<br>
    p00/public  aclmode     passthrough    local<br>
    p00/public  aclinherit  passthrough    local<br>
    <br>
    <br>
    ls -lvd p00/public/<br>
    drwx--S---+ 12 root     root          21 May 10 17:38 p00/public/<br>
         0:group:ldap_group:list_directory/read_data/add_file/write_data<br>
            
    /add_subdirectory/append_data/read_xattr/write_xattr/execute<br>
            
    /read_attributes/write_attributes/delete/read_acl/synchronize<br>
             :file_inherit/dir_inherit:allow<br>
         1:user:root:list_directory/read_data/add_file/write_data<br>
            
    /add_subdirectory/append_data/read_xattr/write_xattr/execute<br>
            
    /delete_child/read_attributes/write_attributes/delete/read_acl<br>
            
    /write_acl/write_owner/synchronize:file_inherit/dir_inherit:allow<br>
         2:user:nfs:read_attributes/synchronize:allow<br>
    <br>
    <br>
    <br>
    <br>
    /usr/sun/bin/ls -lvd p00/public/created_linux.txt <br>
    -rw-r--r--+  1 sigbjorn root           0 May 10 17:40
    p00/public/created_linux.txt<br>
         0:group:ldap_group:read_data/write_data/append_data/read_xattr<br>
            
    /write_xattr/execute/read_attributes/write_attributes/delete<br>
             /read_acl/synchronize:inherited:allow<br>
        
    1:user:root:read_data/write_data/append_data/read_xattr/write_xattr<br>
            
    /execute/delete_child/read_attributes/write_attributes/delete<br>
             /read_acl/write_acl/write_owner/synchronize:inherited:allow<br>
        
    2:owner@:read_data/write_data/append_data/read_xattr/write_xattr<br>
            
    /read_attributes/write_attributes/read_acl/write_acl/write_owner<br>
             /synchronize:allow<br>
        
    3:group@:read_data/read_xattr/read_attributes/read_acl/synchronize:allow<br>
        
    4:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize<br>
             :allow<br>
    <br>
    <br>
    /ls -lvd p00/public/created_windows.txt <br>
    ----------+  1 sigbjorn root           0 May 10 17:41
    p00/public/created_windows.txt<br>
         0:group:ldap_group:read_data/write_data/append_data/read_xattr<br>
            
    /write_xattr/execute/read_attributes/write_attributes/delete<br>
             /read_acl/synchronize:inherited:allow<br>
        
    1:user:root:read_data/write_data/append_data/read_xattr/write_xattr<br>
            
    /execute/delete_child/read_attributes/write_attributes/delete<br>
             /read_acl/write_acl/write_owner/synchronize:inherited:allow<br>
    <br>
    <br>
    <br>
    Regards,<br>
    Siggi<br>
    <br>
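    An added example, not part of the message above or of any ZFS or NexentaStor tooling: a small Python parser for `ls -v` style ACL listings that reports the allow entries lacking the `inherited` flag, such as the owner@, group@ and everyone@ entries on the NFS-created file. The function names are hypothetical, and the sample input is the created_linux.txt listing from the message with its wrapped lines kept as continuation lines.<br>

```python
import re

# created_linux.txt listing from the message above; the mail-wrapped
# continuation lines are kept as separate lines on purpose.
SAMPLE = """\
-rw-r--r--+  1 sigbjorn root           0 May 10 17:40 p00/public/created_linux.txt
     0:group:ldap_group:read_data/write_data/append_data/read_xattr
         /write_xattr/execute/read_attributes/write_attributes/delete
         /read_acl/synchronize:inherited:allow
     1:user:root:read_data/write_data/append_data/read_xattr/write_xattr
         /execute/delete_child/read_attributes/write_attributes/delete
         /read_acl/write_acl/write_owner/synchronize:inherited:allow
     2:owner@:read_data/write_data/append_data/read_xattr/write_xattr
         /read_attributes/write_attributes/read_acl/write_acl/write_owner
         /synchronize:allow
     3:group@:read_data/read_xattr/read_attributes/read_acl/synchronize:allow
     4:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize
         :allow
"""

ACE_START = re.compile(r"^\s*(\d+):(.*)$")   # "N:" opens a new ACE

def parse_acl(listing):
    """Return one dict per ACE; lines before the first ACE are ignored."""
    raw = []
    for line in listing.splitlines():
        m = ACE_START.match(line)
        if m:
            raw.append(m.group(2).strip())
        elif raw and line.strip():            # continuation of previous ACE
            raw[-1] += line.strip()
    aces = []
    for entry in raw:
        parts = entry.split(":")
        n = 2 if parts[0] in ("user", "group") else 1   # user:NAME, group:NAME
        who, rest = ":".join(parts[:n]), parts[n:]
        flags = rest[1].split("/") if len(rest) == 3 else []
        aces.append({"who": who, "perms": set(rest[0].split("/")),
                     "flags": flags, "type": rest[-1]})
    return aces

def non_inherited_allows(aces):
    """Allow ACEs that are not marked as inherited from the parent."""
    return [a for a in aces
            if a["type"] == "allow" and "inherited" not in a["flags"]]

def everyone_can_read(aces):
    """True if a non-inherited entry grants read_data to everyone@."""
    return any(a["who"] == "everyone@" and "read_data" in a["perms"]
               for a in non_inherited_allows(aces))
```

    Run against the created_windows.txt listing, which carries only the two inherited entries, `non_inherited_allows` returns an empty list.<br>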
  </body>
</html>