ZFS Permissions

The simplest way of setting up permissions is probably to use ACLs with inheritance instead of UNIX-type access rights.

(Via Forum topic on setting up permissions)

  • Set the UNIX permissions of the shared folder to 755 or 777 (needed for guest access)
  • Handle everything else via ACLs, set from Windows
  • Remove the default ACL:
/usr/sun/bin/chmod A- /pool/folder

Set ACL to new defaults:

Everyone can modify:

/usr/sun/bin/chmod A=everyone@:modify_set:file_inherit/dir_inherit:allow /pool/folder

Root has all rights:

/usr/sun/bin/chmod A+user:root:full_set:file_inherit/dir_inherit:allow /pool/folder

To make it more Windows-like:

zfs set aclinherit=passthrough /pool/folder

Set all other CIFS rights (ACL only) from within Windows, based on your Nexenta users or SMB groups (workgroup mode) or domain users/groups (domain mode). The ACLs are Windows-like. If you need guest access or share a folder via NFS (use NFS3 for an ESXi datastore), set the ACL permissions from Windows recursively to modify for everybody on your SMB + NFS shared folder.

You can also use the command below, where $1 is the folder, passed as the first argument to a script:

/usr/sun/bin/chmod -R A=owner@:full_set:d:allow,\
owner@:full_set:f:allow,\
everyone@:rxaARWcs:d:allow,\
everyone@:raARWcs:f:allow \
"$1"
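
To check afterwards which shared folders really grant write access to everyone@, the compact ACL listing printed by ls -dV can be filtered. The script below is an added example, not part of the original wiki page; the function names, the sample listing and the set of permission letters treated as write access are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): list folders whose ACL lets
# everyone@ change content, ACLs or ownership.
# Input: compact ACL listings as printed by the Solaris "ls -dV <path>".

audit_everyone_acl() {
    awk '
    # ACE lines are indented: who:perms:flags:type (user:/group: add a name field).
    /^[ \t]+[a-z]+@?:/ {
        n = split($1, f, ":")
        if (n < 4) next
        who = f[1]; perms = f[n-2]; flags = f[n-1]; type = f[n]
        # Assumed definition of write access: write_data (w), append_data (p),
        # delete (d), delete_child (D), write_acl (C), write_owner (o).
        if (who == "everyone@" && type == "allow" && perms ~ /[wpdDCo]/)
            printf "%s\t%s\t%s\n", path, perms, flags
        next
    }
    # Any other non-empty line is the file entry; its last field is the path
    # (paths containing spaces are not handled here).
    NF { path = $NF }
    '
}

# Constructed sample: /pool/folder as configured above with modify_set for
# everyone@, /pool/readonly with a read-only entry for everyone@.
sample_listing() {
    cat <<'EOF'
drwxrwxrwx+  2 root     root           2 Jan  1 12:00 /pool/folder
            everyone@:rwxpdDaARWc--s:fd-----:allow
            user:root:rwxpdDaARWcCos:fd-----:allow
drwxr-xr-x+  2 root     root           2 Jan  1 12:00 /pool/readonly
               owner@:rwxpdDaARWcCos:-d-----:allow
            everyone@:r-x---aARWc--s:-d-----:allow
EOF
}

# Prints one tab-separated line (path, permissions, inheritance flags) per finding.
sample_listing | audit_everyone_acl
```

On a live system, pipe the real listing into audit_everyone_acl instead of the sample, using the Sun ls if the default ls on the box is the GNU one.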

See also

ZFS ACLs from Mark Shellenbaum's Weblog

Solaris ACL from the blog of Ben Rockwood

Solaris ZFS Administration Guide
