So giving OmniOS/Napp-It a try and running into real bugbears of problems. Most of the threads I've googled for are about permission setting, but I don't feel mine is in the same vein. These look more like bugs.
So I have set up OmniOS with Napp-It by USB install for OmniOS, set up a pfexec user at install, set up networking after reboot, installed the latest updates, then installed Napp-It via the pfexec user. Open up the browser, point to the address, and Napp-It setup completed. Can log in and do stuff. Up to this point all is well.
Trying to set up shares, however, it seems like permissions are broken. In order to ensure the best possible scenario, I have created a blank zfs filesystem environment (auxtank/test) excluding the data that already exists. I wanted to make sure no permission problems could possibly be here by starting with a blank slate.
Start SMB sharing on auxtank/test. I have the following settings:
At this point, everything is still working without issue. I can browse the share by going to \\omniosce\test and create folders, add files, etc. No problems.
Okay, time to make things more limited. Per the directions here I want to make it so that I can browse the share, but cannot edit files or delete. READ ONLY. So I go to ACL on SMB Shares and click on acl-set to change the feature from modify_set to read_set. Set property.
Now this happens:
everyone@ is gone. It is replaced by my read_set which I wanted, but user/group has changed to user:root. I cannot do anything with the share. Okay then, ++ add trivial ACL@, select everyone@ and read_set. Set property. Now I have:
Delete user:root line. Now I have:
Well, this is what I wanted. Had to go around my elbow to get there, but here we are. Seems bugged. Oh but wait. I still can't access the share you say? Correct. I cannot access the share. In order to get access back to the share, I have to use at a minimum an acl-set of modify_set. No others will work. So... no read only? I can only have modify permissions or full permissions, no ability to just read?
On another note, I also attempted to set stuff manually with the field next to acl-set, acl. This also appears to be a bug. In the popup window, I see the following:
(r) list_directory is not selected, there is no check mark in the box. Yet, the acl field shows it there:
Both lower and upper case R are listed. I ran across this bug? when attempting to use the "write_set" acl-set (which does not natively have r selected) and attempting to select it. It doesn't work.
-----
For completion's sake, here are the same notes from command line:
From the "ACL on folders" screen I can select acl-set and update such that stuff updates without anything like the bugs? of the "ACL on SMB Shares":
The everyone@ group does not change into user:root like what happens on "ACL on SMB Shares". The (r) list_directory option under acl actually shows up as checked. Unfortunately that's where the good news ends:
This is the everyone group, it has read_set. I can no longer list the directory contents as supervisor from command line:
Returning everyone to modify_set:
How about specifying the user directly?
Why? Why do the read permissions not work?
Start SMB sharing on auxtank/test. I have the following settings:
Code:
ACL of folder /auxtank/test
drwxrwxrwx+ 6 root root 6 Feb 3 18:44 (777)
ACL User/ Group acl acl-set details inheritance type option
0 user:root rwxpdDaARWcCos full_set rd(acl,att,xatt) wr(acl,att,xatt,own) add(fi,sdir) del(yes,child) x, s file,dir allow delete
1 everyone@ rwxpdDaARWc--s modify_set rd(acl,att,xatt) wr(att,xatt) add(fi,sdir) del(yes,child) x, s file,dir allow delete
ACL of SMB share test (/auxtank/test/.zfs/shares/test)
-rwxrwxrwx+ 1 root root 0 Feb 3 18:37 (-777)
ACL User/ Group acl acl-set details inheritance type option
0 everyone@ rwxpdDaARWc--s modify_set rd(acl,att,xatt) wr(att,xatt) del(yes,child) x, s folder only allow delete
Okay, time to make things more limited. Per the directions here I want to make it so that I can browse the share, but cannot edit files or delete. READ ONLY. So I go to ACL on SMB Shares and click on acl-set to change the feature from modify_set to read_set. Set property.
Now this happens:
Code:
ACL of SMB share test (/auxtank/test/.zfs/shares/test)
-r--------+ 1 root root 0 Feb 3 18:37 (-400)
ACL User/ Group acl acl-set details inheritance type option
0 user:root r-----a-R-c--- read_set rd(acl,att,xatt) folder only allow delete
Code:
ACL of SMB share test (/auxtank/test/.zfs/shares/test)
-r--r--r--+ 1 root root 0 Feb 3 18:37 (-444)
ACL User/ Group acl acl-set details inheritance type option
0 user:root r-----a-R-c--- read_set rd(acl,att,xatt) folder only allow delete
1 everyone@ r-----a-R-c--- read_set rd(acl,att,xatt) folder only allow delete
Code:
ACL of SMB share test (/auxtank/test/.zfs/shares/test)
-r--r--r-- 1 root root 0 Feb 3 18:37 (-444)
ACL User/ Group acl acl-set details inheritance type option
0 everyone@ r-----a-R-c--- read_set rd(acl,att,xatt) folder only allow delete
On another note, I also attempted to set stuff manually with the field next to acl-set, acl. This also appears to be a bug. In the popup window, I see the following:
Code:
Change property auxtank/test/: acl
[ ] (r) list_directory
[ ] (w) add_file
[ ] (x) execute
[ ] (p) add_subdirectory
[ ] (d) delete
[ ] (D) delete_child
[x] (a) read_attributes
[ ] (A) write_attributes
[x] (R) read_xattr
[ ] (W) write_xattr
[x] (c) read_acl
[ ] (C) write_acl
[ ] (o) write_owner
[ ] (s) synchronize
Code:
ACL of SMB share test (/auxtank/test/.zfs/shares/test)
-r--r--r-- 1 root root 0 Feb 3 18:37 (-444)
ACL User/ Group acl acl-set details inheritance type option
0 everyone@ r-----a-R-c--- read_set rd(acl,att,xatt) folder only allow delete
-----
For completion's sake, here are the same notes from command line:
Code:
supervisor@omniosce:/auxtank$ ls -V
total 72
drwxrwxrwx+ 13 1000 1000 13 Feb 3 17:49 backups
user:root:rwxpdDaARWcCos:fd-----:allow
everyone@:rwxpdDaARWc--s:fd-----:allow
drwxrwxrwx+ 6 root root 6 Feb 3 18:33 filerun
user:root:rwxpdDaARWcCos:fd-----:allow
everyone@:rwxpdDaARWc--s:fd-----:allow
drwxrwxrwx+ 6 root root 6 Feb 3 18:44 test
user:root:rwxpdDaARWcCos:fd-----:allow
everyone@:rwxpdDaARWc--s:fd-----:allow
Code:
ACL of folder /auxtank/test
drwxr--r--+ 6 root root 6 Feb 3 18:44 (744)
ACL User/ Group acl acl-set details inheritance type option
0 user:root rwxpdDaARWcCos full_set rd(acl,att,xatt) wr(acl,att,xatt,own) add(fi,sdir) del(yes,child) x, s file,dir allow delete
1 everyone@ r-----a-R-c--- read_set rd(acl,att,xatt) file,dir allow delete
Code:
supervisor@omniosce:/auxtank$ ls -V
total 72
drwxrwxrwx+ 13 1000 1000 13 Feb 3 17:49 backups
user:root:rwxpdDaARWcCos:fd-----:allow
everyone@:rwxpdDaARWc--s:fd-----:allow
drwxrwxrwx+ 6 root root 6 Feb 3 18:33 filerun
user:root:rwxpdDaARWcCos:fd-----:allow
everyone@:rwxpdDaARWc--s:fd-----:allow
drwxr--r--+ 6 root root 6 Feb 3 18:44 test
user:root:rwxpdDaARWcCos:fd-----:allow
everyone@:r-----a-R-c---:fd-----:allow
Code:
supervisor@omniosce:/auxtank$ ls -V test
test/New folder: Permission denied
test/more: Permission denied
test/test: Permission denied
total 0
Code:
supervisor@omniosce:/auxtank$ ls -V test
total 3
drwxrwxrwx+ 2 michael staff 2 Feb 3 18:44 New folder
user:root:rwxpdDaARWcCos:fd----I:allow
everyone@:rwxpdDaARWc--s:fd----I:allow
drwxrwxrwx+ 2 michael staff 2 Feb 3 18:38 more
user:root:rwxpdDaARWcCos:fd----I:allow
everyone@:rwxpdDaARWc--s:fd----I:allow
drwxrwxrwx+ 2 michael staff 2 Feb 3 18:38 test
user:root:rwxpdDaARWcCos:fd----I:allow
everyone@:rwxpdDaARWc--s:fd----I:allow
Code:
ACL of folder /auxtank/test
drwxr--r--+ 6 root root 6 Feb 3 18:44 (744)
ACL User/ Group acl acl-set details inheritance type option
0 user:root rwxpdDaARWcCos full_set rd(acl,att,xatt) wr(acl,att,xatt,own) add(fi,sdir) del(yes,child) x, s file,dir allow delete
1 user:supervisor r-----a-R-c--- read_set rd(acl,att,xatt) file,dir allow delete
2 everyone@ r-----a-R-c--- read_set rd(acl,att,xatt) file,dir allow delete
Code:
supervisor@omniosce:/auxtank$ ls -V test
test/New folder: Permission denied
test/more: Permission denied
test/test: Permission denied
total 0
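Added example, not part of the original post: a small evaluator for the compact ACE lines that `ls -V` prints above, showing which directory operations each ACL grants to the non-root user. It goes beyond the post by handling ordered allow/deny ACEs in general; the function names are hypothetical, `group@` and root or privilege overrides are not modelled, and the `READ_PLUS_X` ACL is constructed for comparison.

```python
# Added example: evaluate NFSv4-style ACEs in the compact `ls -V` form shown in the post.
# Assumptions: group@ and root/privilege-based overrides are not modelled.

def parse_ace(line):
    """Parse 'who:perms:inherit:type'; split from the right because who may be 'user:root'."""
    who, perms, inherit, ace_type = line.strip().rsplit(":", 3)
    return {"who": who, "perms": set(perms) - {"-"}, "inherit": inherit, "type": ace_type}

def applies(ace, user, owner=None, groups=()):
    """Does this ACE's subject cover the requesting user?"""
    who = ace["who"]
    if who == "everyone@":
        return True
    if who == "owner@":
        return user == owner
    kind, _, name = who.partition(":")
    return (kind == "user" and name == user) or (kind == "group" and name in groups)

def granted(ace_lines, user, wanted, owner=None, groups=()):
    """Walk ACEs in order; the first matching ACE that names a bit decides it.
    Bits that no ACE decides are denied."""
    undecided, allowed = set(wanted), set()
    for ace in map(parse_ace, ace_lines):
        if not applies(ace, user, owner, groups):
            continue
        hit = undecided & ace["perms"]
        if ace["type"] == "allow":
            allowed |= hit
        undecided -= hit
    return allowed

def dir_access(ace_lines, user, **who):
    """Directory view: 'r' lists entry names, 'x' is needed to look up (stat/enter) them."""
    got = granted(ace_lines, user, "rx", **who)
    return {"list_names": "r" in got, "traverse": "x" in got}

# ACEs copied from the post's `ls -V` output for /auxtank/test.
MODIFY_SET = ["user:root:rwxpdDaARWcCos:fd-----:allow",
              "everyone@:rwxpdDaARWc--s:fd-----:allow"]
READ_SET = ["user:root:rwxpdDaARWcCos:fd-----:allow",
            "everyone@:r-----a-R-c---:fd-----:allow"]
# Constructed for comparison (not from the post): read_set plus 'x'.
READ_PLUS_X = ["user:root:rwxpdDaARWcCos:fd-----:allow",
               "everyone@:r-x---a-R-c---:fd-----:allow"]

if __name__ == "__main__":
    for label, acl in [("modify_set", MODIFY_SET), ("read_set", READ_SET),
                       ("read_set + x", READ_PLUS_X)]:
        print(label, dir_access(acl, "supervisor", owner="root"))
```

For the read_set ACL the result is names listable but entries not traversable, which matches the `ls -V test` output above: the entry names are printed, each followed by "Permission denied".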