ACLs on files and folders
Each file and folder on OmniOS has an owner (root or the creator), Unix permissions
(traditional Unix permissions like 755) and NFS4 ACL permissions.
If you enter for example at console
/usr/bin/ls -V /var/web-gui/napp-it
you may get as a result
root@datanode-01:/root# /usr/bin/ls -V /var/web-gui/_my
total 2
drwxr-xr-x 2 napp-it root 2 Mar 19 15:00 wwwroot
owner@:rwxp--aARWcCos:-------:allow
group@:r-x---a-R-c--s:-------:allow
everyone@:r-x---a-R-c--s:-------:allow
drwxr-xr-x 3 napp-it root 3 Mar 19 15:00 zfsos
user:2147484183:rwxp-DaARWc--s:fd-----:allow
owner@:rwxp--aARWcCos:-------:allow
group@:r-x---a-R-c--s:-------:allow
everyone@:r-x---a-R-c--s:-------:allow
Owner (napp-it), group (root), Unix permissions like drwxr-xr-x and ACLs like
owner@:rwxp--aARWcCos:-------:allow or auser ACL are shown.
Windows SID informations are not shown here as they are used in the CIFS server only.
ACLs can be assigned to OmniOS/AD users, OmniOS/SMB or AD groups or as a trivial ACL to owner@,
group@ or everyone@ to be compatible to traditional Unix permissions.
You can modify ACL permissions with the /usr/bin/chmod command, per Windows or per napp-it ACL
extension. Modifying ACL via CLI command is really stupid. Especially with napp-it free, you can use Windows
(beside Home editions) to modify permissions. To do this, you can login to the SMB share from Windows as
user root. A right-mouse click >> Property on a file or folders opens the Windows property dialog
where you can select Security. Set Permissions just like you would do on a real Windows server.
Good to know:
User root or the owner/creator have always full access, you
cannot lock them out - even if permission is not set
explicitely. This is normal on Unix and different to Windows
(and a boon for any admin doing backups)
If you set ACL on a folder, they are per default inherited
to newly created files and folders unless you set „inherit to
this folder only“ The user that is logged in is the owner of
new files and folders (with full permission).
You can override this behaviour with the ZFS property
acl inheritance = discard or restricted (default is pass-
through).
Windows processes first deny rules then allow. Solaris pro-
cesses them in their order where the first matching rule is
relevant. To set correct deny rules, use napp-it/ ACL extension
Содержание ZFS Storage
Страница 8: ...3 1 ZFS Configurations...
Страница 45: ...Example Map Chenbro 50 x 3 5 Bay...