Setting ZFS permissions for CIFS/NFS/local interoperability
I've had a Solaris NAS for some time now, with data shared over NFS (for Linux clients) and CIFS (for Windows clients). I've always had problems with permissions, i.e. getting files created from Windows to be accessible to Linux clients, and vice versa.
I've always sort of known what the issue was - I needed to understand the ACLs used in ZFS and to set the right ACLs at the top level of the shared data store.
Well, over the weekend, I cracked it!
Here's what I did...
The following examples assume that the Windows machine, Solaris NAS, and Linux clients all have a user named "robin" and that the uid is the same on both Solaris and Linux. In practice, I should set up a centralised single sign-on, e.g. LDAP. But, this works just for me!
I have a large zpool named "space" that contains all my data; it is mounted in the default location, /space. I keep my music library in /space/music/library. I want to be able to copy my newly-ripped music files to the appropriate location under /space/music/library/ and for my SqueezeCenter application (running on a separate Linux machine) to have read-only access to them.
It turns out that the key to this problem was simply setting the correct permissions and turning on the "inherit" flags at the top of the directory tree.
These are the commands I used:
chmod -R A=owner@:full_set:file_inherit/dir_inherit:allow /space/music/library
chmod -R A+group@:read_set/execute:file_inherit/dir_inherit:allow /space/music/library
chmod -R A+everyone@:read_set/execute:file_inherit/dir_inherit:allow /space/music/library
This gives the file owner full permissions, and members of the file's group and everyone else read-only permissions. Strictly speaking, the group ACL is not required, but you may, for example, want group members to also have full access permissions, which would require a separate ACL.
So, that's it - easy when you know how!
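To confirm that the three chmod commands above took effect, the compact ACL listing from `ls -dV` can be checked mechanically. The script below is an added example, not part of the original post: the function name `audit_acl`, the sample listings (constructed here) and the policy it enforces (every entry carries file_inherit and dir_inherit, and only owner@ may hold write-class permissions) are assumptions drawn from the intent described above.

```shell
#!/bin/sh
# Added example: audit compact ACL text as printed by Solaris `ls -dV`.
# Each ACE line looks like  who:permissions:inherit_flags:allow|deny

# Constructed sample: the result the chmod commands are meant to produce.
SAMPLE_GOOD='drwxr-xr-x+  5 robin    staff          5 Jan  1 12:00 /space/music/library
            owner@:rwxpdDaARWcCos:fd-----:allow
            group@:r-x---a-R-c---:fd-----:allow
         everyone@:r-x---a-R-c---:fd-----:allow'

# Constructed sample: group@ lost its inherit flags, everyone@ can write.
SAMPLE_BAD='drwxrwxrwx+  5 robin    staff          5 Jan  1 12:00 /space/music/library
            owner@:rwxpdDaARWcCos:fd-----:allow
            group@:r-x---a-R-c---:-------:allow
         everyone@:rwxp--a-R-c---:fd-----:allow'

# Reads a listing on stdin, prints one finding per line.
# Exit status: 0 when the ACL matches the policy, 1 otherwise.
audit_acl() {
    awk -F: '
        # Only ACE lines end in allow/deny; this skips the ls summary line.
        $NF != "allow" && $NF != "deny" { next }
        {
            # "who" is everything before the last three fields (covers user:name).
            who = $1; sub(/^[ \t]+/, "", who)
            for (i = 2; i <= NF - 3; i++) who = who ":" $i
            perms = $(NF - 2); flags = $(NF - 1)
            seen[who] = 1
            # f = file_inherit, d = dir_inherit: the first two flag positions.
            if (flags !~ /^fd/) {
                print who ": missing file_inherit/dir_inherit (" flags ")"; bad = 1
            }
            # Write-class bits: w p d D A W C o (data, delete, attrs, ACL, owner).
            if (who != "owner@" && $NF == "allow" && perms ~ /[wpdDAWCo]/) {
                print who ": has write-class permission (" perms ")"; bad = 1
            }
        }
        END {
            if (!seen["owner@"]) { print "owner@: no entry found"; bad = 1 }
            exit bad + 0
        }'
}

# Demo on the constructed samples. On the NAS: ls -dV /space/music/library | audit_acl
printf '%s\n' "$SAMPLE_GOOD" | audit_acl && echo "good sample: ACL matches policy"
printf '%s\n' "$SAMPLE_BAD" | audit_acl || echo "bad sample: findings listed above"
```

A directory whose group should have full access, as mentioned above, would need the write-class check relaxed for that entry.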