napp-it ZFS Storage Скачать руководство пользователя | Manualshive

Страница: 32 / 63

background image

ACL settings for multi-user SMB access

some basic examples for File and Folder ACL settings

Goal:
- everyone can access and read files from a share like data (data is a filesystem below a pool named tank)
- everyone can modify files in data/common and below
- user paul is the only one to access data/paul and below

needed ACL settings:

folder /tank/data:

allow everyone@=readx (read and execute), no-inherit, this folder only

folder /tank/data/common:

allow everyone@=modify, inherit to folders and subfolders

folder /tank/data/paul:

allow paul=modify or full, inherit to folders and subfolders

Goal:
- everyone can access and read from a share like data (data is a filesystem below a pool named tank)
read should be allowed only from folder /tank/data, not folders below
- everyone can create new folders but not files on data
- only the creator of a folder (=owner) has access to the new folder and below

needed ACL settings (aclmode must not restrict ownership when creating folders):

folder /tank/data:

allow everyone@=readx (read and execute), no-inherit, this folder only

allow everyone@=create_folder_set, inherit to folders and subfolders

allow owner@=modify or full, inherit to folders and subfolders

Goal:
- everyone can access and read from a share like data (data is a filesystem below a pool named tank)
- everyone can read files files on /tank/data/common and below
- members of SMB group „professors“ are allow to modify /tank/data/common and below
- only members of SMB group „professors“ are allowed to modify /tank/data/professors and below

needed ACL settings (aclmode must not restrict ownership when creating folders):

folder /tank/data:

allow everyone@=readx (read and execute), no-inherit, this folder only

folder /tank/data/common:

allow everyone@=readx, inherit to folders and subfolders

allow group:professors=modify, inherit to folders and subfolders

folder /tank/data/professors:

allow group:professors=modify, inherit to folders and subfolders

Active Directory: If you want to assign ACL to AD users, this may require that the AD user was

logged in once to a SMB share.

«
...
30
31
32
33
34
...
»

Содержание ZFS Storage

Страница 1: ...napp it ZFS Storage Server User s Guide Setup on OmniOS First steps published 2016 Oct 12 c napp it org Licence CC BY SA see http creativecommons org licenses by sa 2 0...

Страница 2: ...Groups Active Directory 13 NFS server 14 iSCSI FC server 15 Data scrubbing 16 Data snapshots versioning backup 17 Data replikation availability 18 Rollback and Clones 19 Operational settings 20 Applia...

Страница 3: ...le behind them Organizations don t innovate people do As the rise of Linux forced the market price of OS aquisition to zero that open sourcing the Solaris operating system was the right business decis...

Страница 4: ...ctive development with a stable every 6 months long term stable editions minimal OS just enough for a fully functional ZFS server for best stability free but with a commercial support option Just enou...

Страница 5: ...the GUI in production systems prefer Solaris Alternatively you can use the text edition of OpenIndiana or Solaris or OmniOS a minimalistic and very stable OpenSource distribution for storage and othe...

Страница 6: ...2 3 Storage Management via napp it on OmniOS OpenIndiana or Oracle Solaris ZFS Filesystems and disk details...

Страница 7: ...s for HA solutions based on Multipath IO prefer Sata disks with multiple HBAs without expander prefer 24 7 enterprise disks Rules for high capacity storage prefer raid Z2 vdevs with 6 or 10 disks or Z...

Страница 8: ...3 1 ZFS Configurations...

Страница 9: ...to add images with different mainboards disk sizes and napp it Step 3 Boot your server from the CloneZilla USB stick to restore napp it Select your keyboard type device image mode and a the source of...

Страница 10: ...2 select device image mode 3 select local_dev USB drive 4 Clonezilla is now ready to read the napp it image If the image is on an USB 3 stick or disk insert the stick now wait 5s press enter and selec...

Страница 11: ...ot working do a manual network setup see 5 2 2 Image is not compatible with your SSD use the ones that were used to create the image 3 Image is incompatible with your hardware do a manual setup and cr...

Страница 12: ...root Unix and SMB no password press enter twice passwd root 6 enable SSH root access via napp it menu Services SSH 7 Login via Putty to copy paste commands with a mouse right click 8 set TLS for encry...

Страница 13: ...setup a different OS version or a different ditribution ex OpenIndiana or Oracle Solaris or if the default cloning method of a preconfigured image fails Use a 32 GB or larger Sata SSD disk or Sata DOM...

Страница 14: ...te addr T dhcp e1000g0 dhcp add nameserver echo nameserver 8 8 8 8 etc resolv conf use DNS name resolution copy over DNS template cp etc nsswitch dns etc nsswitch conf install napp it online default f...

Страница 15: ...et O www napp it org nappit perl reboot or set current bootenvironment as default reboot set a root password this password is valid for Unix shell logins and SMB connects passwd root optional check cu...

Страница 16: ...laris 11 Express http archive is snZaS The archive is page refers to the old Solaris Express 11 page If you click on a description you are forwarded to the current Solaris 11 page If you click on Down...

Страница 17: ...t a remote console keyboard and the ability to mount ISOs like a lokal CD DVD drive IPMI window Java applet with a virtual keyboard and a console preview that can be displayed full size You can enable...

Страница 18: ...UI in menu Services SSH allow root As this can be a security problem you should disable remote root afterwards with menu Services SSH deny root Tips You can copy paste CLI commands with a right mouse...

Страница 19: ...LAN check modify Unix permissions and ownership To use WinSCP you must enable SSH on OmniOS This is the case per default but per default only allows that regular users can login not root An option is...

Страница 20: ...is menu set in production environments As Solaris is an enterprise OS you can use it for other services or applications as well example a Webserver or Databese Server You can use these services withou...

Страница 21: ...features that are needed to manage a ZFS storage appliance Napp it free is not crippleware or a product that is limited in essential features It is sufficient for many cases It is a stable state of na...

Страница 22: ...gn goal of ZFS Similar to oldstyle partitions you create ZFS filesystems on your pool but unlike old partitions you do not set a size of a filesystem as it can grow dynamically up to the poolsize If y...

Страница 23: ...have different ZFS properties can be replicated and has its own snapshots it is common to use as many filesystems as you like up to thousands example one filesystem per user create a ZFS pool with men...

Страница 24: ...the row of a filesystem example tank userdata to the entry under the column RES or RFRES enable sync write for a filesystem click in the row of a filesystem example tank userdata to the entry under th...

Страница 25: ...server on any X system can act as AD server a lot of sharing options nested shares shares independent from ZFS filesystems permissions are based on Unix UID GID Posix ACL this is a plus if you work ma...

Страница 26: ...et sharesmb off SMB permissions In contrast to other Unix services Solarish CIFS uses Windows alike NFS4 ACL with permission inheritance not traditional Unix permissions like 755 or Posix ACLs https e...

Страница 27: ...these users to all files even when there was no explicit permission set for admins as root has always full access ID mapping is available in menu Users napp it ACL extension Attention Do not map local...

Страница 28: ...sions with the usr bin chmod command per Windows or per napp it ACL extension Modifying ACL via CLI command is really stupid Especially with napp it free you can use Windows beside Home editions to mo...

Страница 29: ...data You can set share level ACL via napp it ACL extension or remotely via Windows server management You must connect a share server management as a user that is a member of the SMB admin group exampl...

Страница 30: ...t affects the mode The default mode for the aclinherit is passthrough napp it only aclmode Modifies ACL behavior when a file is initially created or controls how an ACL is modified during a chmod oper...

Страница 31: ...behaves different This is the reason why the Solaris CIFS server come with an own SMB group management that works independently from Unix groups If you need groups to restrict SMB access you must do...

Страница 32: ...ot restrict ownership when creating folders folder tank data allow everyone readx read and execute no inherit this folder only allow everyone create_folder_set inherit to folders and subfolders allow...

Страница 33: ...Server can be either a member of a workgroup use local user or a domain can use either local or domain user If you switch from domain to workgroup mode remove all mappings with idmap remove a If you j...

Страница 34: ...s this approach was replaced by COMSTAR a enterprise framework to manage iSCSI and FC environments When should you use iSCSI FC when you need a non ZFS filesystem like ext4 HFS NTFS or VMFS ex ESXi en...

Страница 35: ...pointers are not updated old data keeps valid and verified 3 If anything goes wrong this will be detected by checksums on next read and auto repaired self healing That does not mean that you cannot h...

Страница 36: ...ata no autorepair This may be different in future with ReFS but currently this is not a comparable option to ZFS ZFS snapshots ZFS snapshots are far better than the former solutions ZFS is a CopyOnWri...

Страница 37: ...Replikation If you need realtim sync with the exact same datastate at any time you can use a mirror between appliances You need two or more storage nodes independent ZFS storage servers that offer a Z...

Страница 38: ...s the snapshot from which it was created Creating a clone is nearly instantaneous and initially consumes no additional disk space In additi on you can snapshot a clone Clones can only be created from...

Страница 39: ...job Jobs backup create backup job tp backup basic OS and napp it settings to a pool Restore all user SMB groups idmappings and other napp it settings then via User Restore ACL extension Set autoscrub...

Страница 40: ...orts to a secure environment either based on a network adapter link or based on your networks Restrict access to file services Fileserveices like NFS3 do not offer authentication Access can be only li...

Страница 41: ...ks about 100MB s came up many years ago this was sufficient as storage capacity was quite low and performance of an average internal disk and network performance was quite similar Now storage is in th...

Страница 42: ...h faster than the e1000 vnic with the base vmxnet3 tuning The other tuning aspects are main ly relevant for external access or if you use a 10G nic in pass through mode for fastest external access Rem...

Страница 43: ...u need a switch with enough 10G ports This introduces two problems One is that 10G switches with more than two ports are quite expensive Then they are quite loud and only an option in a serverroom In...

Страница 44: ...nd assign disks to the map You can then printout a screenshot of a map an place it on the server as a reference If a disk fails the map allows to identify the slot of the failed disk Example demo maps...

Страница 45: ...Example Map Chenbro 50 x 3 5 Bay...

Страница 46: ...metadate update is done completely or discared ex due a crash So different states of mirrored disks or partly written raid stripes are not possible on ZFS by design So for daily use you are protected...

Страница 47: ...or overwriting un less you do not block with a snap A write action on ZFS that affects filestructure or Raid consistency is done ompletely or discared completely on a crash Result The CopyOnWrite mech...

Страница 48: ...e that contains all committed data what means that it only need to be able to store about 10s of writes Even with a single 10G connection about 8GB is enough This is why one of the fastest Slog device...

Страница 49: ...on the backup system From time to time replace the backup pool with a second one and keep the disks on a safe location outside Level 3 Professional use Care additionally about two backups on different...

Страница 50: ...e is updated only from time to time or to fix severe bugs After the eval period functionality is automatically reduced to the free features napp it Pro extends the functionality of napp it Free It is...

Страница 51: ...filesystem used IDmappings via Web UI Menu user Restore all napp it user smbgroup and idmapping settings from backup job data Menu user restore settings Without the extension you can control file per...

Страница 52: ...a common DNS server or manual host entries How replication works On initial run it creates a source snap jobid nr_1 and transfers the complete ZFS dataset over a netcat highspeed connection When the...

Страница 53: ...bers with Extensions Appliance group delete members and rebuild the group Replication requires that the napp it webserver is running on port 81 on source and target machine The replication itself is d...

Страница 54: ...anually With napp it Pro and the ACL extension you can easily restore all user group and napp it settings in menu User Restore Settings If you do not have a backup of the job and group settings first...

Страница 55: ...SID as an extended ZFS attribute Solarish SMB this is really troublefree Even in a Windows AD environment you only need to import a pool takeover the ip of the former server and your clients can acce...

Страница 56: ...d switch NFS SMB services over a common virtual HA ip You can extend this with two dedicated Storageheads for the Initiator part that creates the Z RAID Pool on LUNs from up to 6 Storagenodes for a ne...

Страница 57: ...is menu shows the state of the network Z RAID and allows to change the state of heads Master Slave and nodes You can do a manual failover between heads or a role switch from this menu more see Z RAID...

Страница 58: ...is the current default professional HA solution RSF 1 RSF 1 brings advanced HA High Availability features to ZFS providing a more resilient and robust storage offering tolerant to system failures Act...

Страница 59: ...ferent location on the drive Transaction Problems Disks are preferring RAM cached writes as this offers a much better write performance Database applications cannot tolerate this File or dataset locki...

Страница 60: ...che some seconds of last writes may get lost on a crash Older file systems may have corruption prob lems even without a cache because data may be written to disk but meta data might not have been upda...

Страница 61: ...ity of RAM errors increase with RAM size With several Gigabyte of RAM ECC is mandatory for a storage server Backup is used to restore a certain data version after a disk or array crash There are diffe...

Страница 62: ...ill be freed in order to be overwritten unless it is protected by a snapshot Checksums They are needed on order to detect and repair errors When using redundant data like in a RAID all data will be re...

Страница 63: ...pdf SMB 10G Tunings on OSX Windows http napp it org doc downloads performance_smb2 pdf Advanced user http www napp it org doc downloads advanced_user pdf Tuning http napp it org manuals tuning_en html...

Отзывы:

Нет отзывов

Похожие инструкции для ZFS Storage

Бренд: Zonet Страницы: 33

Бренд: Zonet Страницы: 8

Бренд: LaCie Страницы: 48

Бренд: Lantech Страницы: 49

Бренд: Quantum Страницы: 88

Бренд: IBM Страницы: 200

Бренд: Kanguru Страницы: 12

Бренд: X-Micro Страницы: 49

Бренд: Airlink101 Страницы: 13

Бренд: Jung Страницы: 16

Бренд: BELINEA Страницы: 53

CyberSWITCH CSX101

Бренд: Cabletron Systems Страницы: 72

Бренд: B+B SmartWorx Страницы: 50

Бренд: Cradlepoint Страницы: 2

Бренд: Doro Страницы: 50

OMNISTOR 4000f SERIES

Бренд: Rackable Systems Страницы: 112

SUPERSERVER 5017C-MF

Бренд: Supero Страницы: 96

A+ AS-2124US-TNRP

Бренд: Supermicro Страницы: 130

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды