This post is more than 5 years old
4 Posts
0
1329
June 10th, 2015 12:00
OneFS 7.1.1.2 create SMB share in CLI
When creating an SMB share through the cli when there is an existing folder with data in it will it "Apply windows default ACLs" or leave them as they are?
0 events found
No Events found!
Stdekart
104 Posts
0
June 11th, 2015 13:00
Hello DAVIDF,
Creating a share through the CLI will not default to "Apply Windows default ACLs" as the WebUI does.
If you would like to have them applied the --inheritable-path-acl=yes flag can be used through command line.
I ran through a test just to validate and to show the difference:
Created two directories /ifs/data/user1 and /ifs/data/user2
Prior to creating a share on the directories
isi720x-1# isi smb shares list
Share Name Path
--------------------------------------------
break_it /ifs/data
home /ifs/hdfs/home
ifs /ifs
share1 /ifs/data
share2 /ifs/data
share3 /ifs/data
share4 /ifs/data
test /ifs/test
wmi8test /ifs/scratch/wmi8testinstruments
--------------------------------------------
Total: 9
Checking permissions prior to creating a share
isi720x-1# ls -led user1
drwxr-xr-x 2 root wheel 0 Jun 11 15:05 user1
OWNER: user:root
GROUP: group:wheel
SYNTHETIC ACL
0: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
1: group:wheel allow default_gen_read,dir_gen_execute
2: everyone allow dir_gen_read,dir_gen_execute
isi720x-1# ls -led user2
drwxr-xr-x 2 root wheel 0 Jun 11 15:05 user2
OWNER: user:root
GROUP: group:wheel
SYNTHETIC ACL
0: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
1: group:wheel allow dir_gen_read,dir_gen_execute
2: everyone allow dir_gen_read,dir_gen_execute
Using the --inheritable-path-acl=yes on user 1
isi720x-1# isi smb shares create --path=/ifs/data/user1 --inheritable-path-acl=yes --name=user1
and not on user2
isi720x-1# isi smb shares create --path=/ifs/data/user2 --name=user2
Validating the shares have been created
isi720x-1# isi smb shares list
Share Name Path
--------------------------------------------
break_it /ifs/data
home /ifs/hdfs/home
ifs /ifs
share1 /ifs/data
share2 /ifs/data
share3 /ifs/data
share4 /ifs/data
test /ifs/test
user1 /ifs/data/user1
user2 /ifs/data/user2
wmi8test /ifs/scratch/wmi8testinstruments
--------------------------------------------
Total: 11
Checking permissions after the shares where created.
Notice user1 changed to default windows ACL's
isi720x-1# ls -led user1
drwxrwxr-x + 2 root wheel 0 Jun 11 15:05 user1
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,dacl_protected
0: group:Administrators allow dir_gen_all,object_inherit,container_inherit
1: creator_owner allow dir_gen_all,object_inherit,container_inherit,inherit_only
2: everyone allow dir_gen_read,dir_gen_execute
3: group:Users allow dir_gen_read,dir_gen_execute,object_inherit,container_inherit
4: group:Users allow std_synchronize,add_file,add_subdir,container_inherit
user2 remains unchanged
isi720x-1# ls -led user2
drwxr-xr-x 2 root wheel 0 Jun 11 15:05 user2
OWNER: user:root
GROUP: group:wheel
SYNTHETIC ACL
0: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
1: group:wheel allow dir_gen_read,dir_gen_execute
2: everyone allow dir_gen_read,dir_gen_execute
So by default we do not "Apply default windows ACL's" when creating a share through the CLI.
DAVIDF4
4 Posts
0
June 12th, 2015 06:00
Thanks for the response. That is what I was hoping for.
I need to create a lot of shares for data that I am copying over but didn't want to change the permissions on the folder since the copy also keeps the rights intact.