Last active
August 29, 2015 14:21
pbd-samba4 with zfsacl
| Testing repo: http://5.135.127.102/2014Q4/x86_64/All/ | |
| Just add as additional repository | |
| Remove net/samba4 and cleanup left over files | |
| Install net/pbd-samba4 | |
| Prepare dataset for ACLs and create a share called 'zfsacl' | |
| zfs create -o casesensitivity=mixed -o nbmand=on -o utf8only=on -o aclmode=passthrough -o aclinherit=passthrough -o mountpoint=/share zones/`zonename`/data/shares | |
| zfs create -o quota=512M zones/`zonename`/data/shares/zfsacl | |
| Preparing test users. | |
| groupadd users | |
| groupadd test1 | |
| groupadd test2 | |
| useradd -g test1 -G staff test1 | |
| useradd -g test2 -G users test2 | |
| passwd test1 | |
| passwd test2 | |
| smbpasswd -a test1 | |
| smbpasswd -a test2 |
| ### | |
| ## give staff group full permission and give users group read-only permissions | |
| ### | |
| /bin/chmod A- /share/zfsacl | |
| /bin/chmod A0=group@:--------------:fdi----:allow /share/zfsacl | |
| /bin/chmod A1=owner@:--------------:fdi----:allow /share/zfsacl | |
| /bin/chmod A+group:staff:rwxpdDaARWcCos:-d-----:allow /share/zfsacl | |
| /bin/chmod A+group:staff:rw-pdDaARWcCos:f------:allow /share/zfsacl | |
| /bin/chmod A+group:users:r-x---a-R-c--s:-d-----:allow /share/zfsacl | |
| /bin/chmod A+group:users:r-----a-R-c--s:f------:allow /share/zfsacl | |
| /bin/chmod A+everyone@:--------------:fdi----:allow /share/zfsacl |
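An added example, not part of the original gist: a small Python decoder for the compact ACE strings used in the chmod commands above. It checks that the `users` entries grant no modifying rights and shows that the `staff` entries include `write_acl` and `write_owner`. The helper names are hypothetical, and the letter order is the illumos/Solaris compact ACL format.

```python
# Added example (helper names are hypothetical, not from the gist).
# Letter order of the compact ACE fields in the illumos/Solaris ACL format.
PERMS = list(zip("rwxpdDaARWcCos", (
    "read_data write_data execute append_data delete delete_child "
    "read_attributes write_attributes read_xattr write_xattr "
    "read_acl write_acl write_owner synchronize").split()))
FLAGS = list(zip("fdinSFI", (
    "file_inherit dir_inherit inherit_only no_propagate "
    "successful_access failed_access inherited").split()))
MODIFYING = {"write_data", "append_data", "delete", "delete_child",
             "write_attributes", "write_xattr", "write_acl", "write_owner"}

def _decode(field, table):
    """Map a positional field such as 'r-x---a-R-c--s' to right names."""
    if len(field) != len(table):
        raise ValueError(f"expected {len(table)} characters: {field!r}")
    names = []
    for ch, (letter, name) in zip(field, table):
        if ch == letter:
            names.append(name)
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} in {field!r}")
    return names

def parse_ace(spec):
    """Split 'who:perms:flags:type'; who may itself be 'group:name'."""
    *who, perms, flags, ace_type = spec.split(":")
    if not who or ace_type not in ("allow", "deny"):
        raise ValueError(f"malformed ACE: {spec!r}")
    return {"who": ":".join(who), "perms": _decode(perms, PERMS),
            "flags": _decode(flags, FLAGS), "type": ace_type}

def modifying_rights(spec):
    """Rights in an allow ACE that let the principal change data or metadata."""
    ace = parse_ace(spec)
    return sorted(MODIFYING.intersection(ace["perms"])) if ace["type"] == "allow" else []

# ACE strings copied from the chmod commands above.
PAGE_ACES = [
    "group:staff:rwxpdDaARWcCos:-d-----:allow",
    "group:staff:rw-pdDaARWcCos:f------:allow",
    "group:users:r-x---a-R-c--s:-d-----:allow",
    "group:users:r-----a-R-c--s:f------:allow",
    "everyone@:--------------:fdi----:allow",
]

if __name__ == "__main__":
    for spec in PAGE_ACES:
        print(spec, "->", modifying_rights(spec) or "no modifying rights")
```

The same function can be pointed at ACE strings taken from `ls -V` output on the share to confirm that what was applied matches what was intended.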
| [global] | |
| ## Enable user-based security; mapping unknown users to the guest account is left disabled below | |
| security = user | |
| encrypt passwords = true | |
| #map to guest = bad user | |
| guest account = nobody | |
| ## Store DOS attributes in extended attributes (no mapping) | |
| map hidden = no | |
| map system = no | |
| map archive = no | |
| map readonly = no | |
| store dos attributes = yes | |
| ## Extended attributes | |
| ea support = yes | |
| [zfsacl] | |
| path = /share/zfsacl | |
| public = yes | |
| writable = yes | |
| vfs objects = zfsacl shadow_copy2 | |
| veto files = /.zfs/ | |
| delete veto files = yes | |
| shadow:snapdir = .zfs/snapshot | |
| shadow:sort = desc | |
| nfs4:mode = special | |
| nfs4:acedup = merge | |
| nfs4:chown = yes | |
| map acl inherit = yes |