<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 05/10/2013 05:08 PM, Natxo Asenjo
wrote:<br>
</div>
<blockquote
cite="mid:CAHBEJzX7sj1RPBwucWnRbWB5pB807FDaLsfG3Q7Z6dPOfeHwbw@mail.gmail.com"
type="cite">
<div class="gmail_quote">On Fri, May 10, 2013 at 4:17 PM, Natxo
Asenjo <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:natxo.asenjo@gmail.com" target="_blank">natxo.asenjo@gmail.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="gmail_quote">hi Siggi,
<div class="im"><br>
<br>
On Fri, May 10, 2013 at 3:47 PM, Sigbjorn Lie <span
dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:sigbjorn@nixtra.com" target="_blank">sigbjorn@nixtra.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Hi,<br>
<br>
Did you set aclmode to passthrough too?<br>
<br>
</div>
</div>
</blockquote>
</div>
</div>
<br>
no but I just tried it and the linux nfsv4 client still
ignores the inheritance:<br>
<br>
# zfs get all tank/testshare | grep acl<br>
tank/testshare aclmode passthrough
local<br>
tank/testshare aclinherit passthrough
local<br>
<br>
</blockquote>
<div><br>
following up, I found this: <a moz-do-not-send="true"
href="https://www.illumos.org/issues/3571">https://www.illumos.org/issues/3571</a><br>
<br>
and setting <br>
<br>
# zfs set aclmode=restricted tank/testshare<br>
<br>
seems to do the trick from the linux client side.<br>
<br>
I need to test it a bit further.<br>
<br>
</div>
</div>
</blockquote>
<br>
Hi,<br>
<br>
I was testing this a while back and had similar issues to you. I
ended up setting both aclmode and aclinherit to passthrough, and
setting a different ACL than what you've done. I have pasted my
setup below. This allows access from both Linux and Windows to the
same files, with access mainly controlled by the LDAP group
"ldap_group". Files created by nfs clients also generate the owner@,
group@ and everyone@; this has not been an issue for me. Files can
still be accessed from both Linux and Windows.<br>
<br>
This is on NexentaStor, which still does not have support for
aclmode=restricted. It seems like aclmode=restricted would also do
the trick, from what I can read about aclmode=restricted.<br>
<br>
NAME PROPERTY VALUE SOURCE<br>
p00/public aclmode passthrough local<br>
p00/public aclinherit passthrough local<br>
<br>
<br>
ls -lvd p00/public/<br>
drwx--S---+ 12 root root 21 May 10 17:38 p00/public/<br>
0:group:ldap_group:list_directory/read_data/add_file/write_data<br>
/add_subdirectory/append_data/read_xattr/write_xattr/execute<br>
/read_attributes/write_attributes/delete/read_acl/synchronize<br>
:file_inherit/dir_inherit:allow<br>
1:user:root:list_directory/read_data/add_file/write_data<br>
/add_subdirectory/append_data/read_xattr/write_xattr/execute<br>
/delete_child/read_attributes/write_attributes/delete/read_acl<br>
/write_acl/write_owner/synchronize:file_inherit/dir_inherit:allow<br>
2:user:nfs:read_attributes/synchronize:allow<br>
<br>
<br>
<br>
<br>
/usr/sun/bin/ls -lvd p00/public/created_linux.txt <br>
-rw-r--r--+ 1 sigbjorn root 0 May 10 17:40
p00/public/created_linux.txt<br>
0:group:ldap_group:read_data/write_data/append_data/read_xattr<br>
/write_xattr/execute/read_attributes/write_attributes/delete<br>
/read_acl/synchronize:inherited:allow<br>
1:user:root:read_data/write_data/append_data/read_xattr/write_xattr<br>
/execute/delete_child/read_attributes/write_attributes/delete<br>
/read_acl/write_acl/write_owner/synchronize:inherited:allow<br>
2:owner@:read_data/write_data/append_data/read_xattr/write_xattr<br>
/read_attributes/write_attributes/read_acl/write_acl/write_owner<br>
/synchronize:allow<br>
3:group@:read_data/read_xattr/read_attributes/read_acl/synchronize:allow<br>
4:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize<br>
:allow<br>
<br>
<br>
/ls -lvd p00/public/created_windows.txt <br>
----------+ 1 sigbjorn root 0 May 10 17:41
p00/public/created_windows.txt<br>
0:group:ldap_group:read_data/write_data/append_data/read_xattr<br>
/write_xattr/execute/read_attributes/write_attributes/delete<br>
/read_acl/synchronize:inherited:allow<br>
1:user:root:read_data/write_data/append_data/read_xattr/write_xattr<br>
/execute/delete_child/read_attributes/write_attributes/delete<br>
/read_acl/write_acl/write_owner/synchronize:inherited:allow<br>
<br>
<br>
<br>
Regards,<br>
Siggi<br>
<br>
</body>
</html>