<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hi,<br>
<br>
Did you set aclmode to passthrough too?<br>
<br>
<br>
<br>
Regards,<br>
Siggi<br>
<br>
<br>
On 05/10/2013 02:22 PM, Natxo Asenjo wrote:<br>
</div>
<blockquote
cite="mid:CAHBEJzX=qSNMPnA=i14x4CWgRStqm-46V53TVw2tWk8p+nhJYw@mail.gmail.com"
type="cite">hi,<br>
<br>
maybe (probably) not really on topic for the omnios list.<br>
<br>
I have a zfs dataset shared both for cifs as for nfs. On the data
set I use this:<br>
<br>
# zfs get aclinherit tank/testshare<br>
NAME PROPERTY VALUE SOURCE<br>
tank/testshare aclinherit passthrough local<br>
<br>
Next I applied this acl to the /tank/testshare filesystem:<br>
<br>
# /bin/ls -vd /tank/testshare/<br>
drwxrwxrwx+ 12 root root 13 May 10 13:16
/tank/testshare/<br>
0:everyone@:list_directory/read_data/add_file/write_data<br>
/add_subdirectory/append_data/read_xattr/write_xattr/execute<br>
/delete_child/read_attributes/write_attributes/delete/read_acl<br>
/write_acl/write_owner/synchronize:file_inherit/dir_inherit:allow<br>
<br>
So basically anyone may do whatever they want to the content of
the dataset.<br>
<br>
Windows clients respect the acl, I can copy files and dirs from
other disks/shares and the acl on the dataset is respected.<br>
<br>
Now, linux nfs4 clients respect the acl when creating files or
dirs but when copying files/dirs they ignore the acl inheritance
and use the umask setting, so I wind up with unusable files for
the windows clients.<br>
<br>
This issue was discussed in some length in the zfs-discuss list (<a
moz-do-not-send="true"
href="http://www.mentby.com/Group/zfs-discuss/who-is-using-zfs-acls-in-production.html">http://www.mentby.com/Group/zfs-discuss/who-is-using-zfs-acls-in-production.html</a>).
Unfortunately, no solution appears on the thread.<br>
<br>
Is this a linux client problem that should be fixed on the linux
client side? Are there any settings per dataset to make the server
ignore the umask request of the client to enforce the dataset acl
like the cifs implemention does?<br>
<br>
TIA,<br clear="all">
<div>--<br>
Groeten,<br>
natxo</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
OmniOS-discuss mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OmniOS-discuss@lists.omniti.com">OmniOS-discuss@lists.omniti.com</a>
<a class="moz-txt-link-freetext" href="http://lists.omniti.com/mailman/listinfo/omnios-discuss">http://lists.omniti.com/mailman/listinfo/omnios-discuss</a>
</pre>
</blockquote>
<br>
</body>
</html>