Setting up AFP share in Napp-it

Derf

I'm running Napp-it to go (latest) and have a Mac (Mountain Lion 10.8). I'm trying to create an online backup for the mac.

In Napp-it I've managed to create a pool from 4 disks, and make a ZFS filesystem (folder) on that pool. I then created a new local user/password, turned on AFP sharing for the ZFS folder, and enabled it to be shared for the local user. I could not access the folder from my mac at this point.

Then I enabled ACL sharing of that folder for that user.
I thought ACL sharing was only for NFS, but apparently I can't connect via AFP if I don't enable ACL for the folder.
I made the user have "modify_set" permissions for the ZFS folder.

I am able to connect to the server in my mac's Finder using my OmniOS local user name and password, and I can see the ZFS folder. However, I cannot write to the directory. What am I missing?
 

gea

First of all, Solaris ZFS is a filesystem that always uses Windows-like NFS4 ACLs for access restrictions (with Unix permissions as a subset, with some caveats). Netatalk 3 is ACL-aware (it respects ACLs, but you cannot set ACLs from Macs).

Most problems:
You must keep the default napp-it ACL on your shared folder (everyone@=modify) and restrict only on created files and folders. You also must set nbmand to off on an AFP shared filesystem.
 

Derf

Thanks Gea, I appreciate the help.

Unfortunately, nbmand was already set to off, and I have the default ACL for the folder (everyone@=modify_set), in addition to a local user (modify_set).

I can connect to the OmniOS server from OSX (it asks for a user/pass), and see the shared ZFS filesystem, but I am unable to create a folder from the remote OSX on the ZFS share. It will say Finder is requesting to make changes, please enter your password.

If I enter the user/pass for the OmniOS box, Finder tells me that is incorrect. If I enter my password for my account on OSX, I'm told I do not have permission to modify files on the ZFS share. I do notice that every time I "try" to create a new folder, the disk space "used" on the ZFS share increments by a few kb, as indicated in Napp-it.
 

Derf

Gea -
if you read this, can you give me help? I have shared the ZFS folder over AFP to OSX. I can access the share and move individual files to the ZFS folder, I can delete individual files from the ZFS folder, I can't create new directories and I cannot move folders (from OSX) to the ZFS folder.

Can you tell me why?

---- edit ----

I solved this problem by issuing the following commands over SSH

# zfs set aclinherit=passthrough "Pool/ZFS_folder"
# zfs set aclmode=passthrough "Pool/ZFS_folder"
 

gea

This is the default setting; you should not need to modify it
(you can set/check it via the ACL extension in menu ZFS filesystems >> folder ACL)
 

joisey04

OK, having the same issue...
Could someone please enlighten me on how to share a filesystem via AFP?
I can also log in, but as soon as I want to create a folder it says no permission.

How do I add a user to AFP sharing?

edit:

After doing the same as Derf, it now works here too...

# zfs set aclinherit=passthrough "Pool/ZFS_folder"
# zfs set aclmode=passthrough "Pool/ZFS_folder"

I have a freshly installed OmniOS stable with napp-it on an all-in-one machine on ESXi.

gea

- Create a new user (menu user): keep defaults (group = staff)
- Create an AFP share (menu filesystems): click on "off" on the filesystem under AFP to share
- Keep defaults: login allowed: @staff and/or username as comma-separated list


check
ZFS property nbmand on the filesystem: must be off for netatalk
ZFS- ACL: keep default everyone@=modify on the shared filesystem


for more detailed settings:
menu Service - AFP - settings

read also:
Netatalk 3.0 Manual
 

joisey04

Thanks for your reply, gea.

I did all that, but only executing the two zfs commands from the previous post made it work.
I just tried it again.
 

joisey04

gea, please help

I have the following problem.
If I add a folder or file from user "A" connected via AFP from a Mac, the folder/file doesn't get the full/modify rights but instead those weird ones.
I've attached a screenshot (OK, cannot add file, see below).
I want files created on that filesystem to be accessible by everyone, or at least by everyone in a specific group or so.
What am I missing??

drwxr-sr-x+ 2 martin staff 3 Jul 17 22:14 (7r-s5)
ACL | User/Group | acl | acl-set | details | inheritance | type | option
0 | user:root | rwxpdDaARWcCos | full_set | rd(acl,att,xatt) wr(acl,att,xatt,own) add(fi,sdir) del(yes,child) x, s | file,dir,inherited | allow | delete
1 | owner@ | rwxp--aARWcCos | owner_default_set | rd(acl,att,xatt) wr(acl,att,xatt,own) add(fi,sdir) x, s | ------- | allow | delete
2 | group@ | r-x---a-R-c--s | readxs_set | rd(acl,att,xatt) x, s | ------- | allow | delete
3 | everyone@ | r-x---a-R-c--s | readxs_set | rd(acl,att,xatt) x, s | ------- | allow | delete


Also, when I log in to an Ubuntu server where the storage is mounted as an NFS share, I get the following:
drwxrwsrwx 2 syslog uucp 6 Jul 17 22:43 ./
drwxrwxrwx 55 syslog uucp 61 Jul 17 22:43 ../
-rw-r--r-- 1 messagebus uucp 5760 Jul 17 22:43 file1.mp3
-rwxrwxrwx 1 messagebus uucp 3300 Jul 17 22:31 file2.mp3*
-rwxrwxrwx 1 messagebus uucp 3208 Jul 17 22:37 file3.doc*
-rwxrwxrwx 1 syslog uucp 2992 Jul 17 22:10 file4.txt*
 

gea

There is a basic problem:

Solaris CIFS is ACL and Windows SID only (from an outside view, it's like a real Windows server)
AFP can respect ACLs (depends on compile settings) but is mainly based on Unix uids/gids
NFS3 is based on network IPs and Unix uids without any user authentication

So they are basically completely incompatible. If you have any chance, go with one protocol,
with CIFS as the one with the most features and best availability on all platforms.

If you need to mix:
- set aclinheritance to pass-through
- set aclmode (behaviour on a Unix chmod) to restricted (means ignore chmod; newest Illumos-based systems like OmniOS only)
- use NFS with a setting like everyone@=modify or full, with a root@host setting for client IPs to allow access independent of owner uid.
- use AFP with a setting like everyone@=modify or full on a share, and correct allow-user/group settings during share setup

- always use ACLs; forget that there are Unix permissions
- never use chmod to Unix permissions like 775 because chmod to unix permissions deletes ACL inheritance settings
- optionally reset ACL to a desired setting recursively
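
A check for the settings listed in this thread (nbmand off, aclinherit/aclmode values, everyone@=modify inherited by new files and folders), as an added example that is not part of the original posts. The function names `check_props` and `check_acl` are hypothetical; the inputs are assumed to come from `zfs get -H -o property,value nbmand,aclinherit,aclmode <filesystem>` and `/usr/bin/ls -dV <folder>`, and the sample data is constructed from the ACL listing posted above.

```shell
#!/bin/sh
# stdin: tab-separated "property<TAB>value" lines from zfs get -H -o property,value
check_props() {
  awk -F'\t' '
    $1 == "nbmand"     && $2 != "off"         { print "nbmand=" $2 " (want off)" }
    $1 == "aclinherit" && $2 != "passthrough" { print "aclinherit=" $2 " (want passthrough)" }
    $1 == "aclmode"    && $2 != "passthrough" && $2 != "restricted" {
      print "aclmode=" $2 " (want passthrough or restricted)" }
  '
}

# stdin: compact ACL listing from ls -dV; checks the everyone@ allow entry
check_acl() {
  awk -F: '
    { gsub(/^[ \t]+/, "", $1) }
    $1 == "everyone@" && $NF == "allow" {
      seen = 1; missing = ""; perms = $(NF-2); flags = $(NF-1)
      # modify_set = every permission letter except C (write_acl) and o (write_owner)
      n = split("r w x p d D a A R W c s", need, " ")
      for (i = 1; i <= n; i++)
        if (index(perms, need[i]) == 0) missing = missing need[i]
      if (missing != "") print "everyone@ lacks modify_set bits: " missing
      # f = file inherit, d = dir inherit; without both, new items fall back to mode bits
      if (flags !~ /^fd/) print "everyone@ entry is not inherited by new files and dirs"
    }
    END { if (!seen) print "no everyone@ allow entry" }
  '
}

# Constructed sample: the directory ACL from the post above in ls -dV compact form
# ("newdir" is a placeholder name).
SAMPLE_ACL='drwxr-sr-x+  2 martin   staff          3 Jul 17 22:14 newdir
             user:root:rwxpdDaARWcCos:fd----I:allow
                owner@:rwxp--aARWcCos:-------:allow
                group@:r-x---a-R-c--s:-------:allow
             everyone@:r-x---a-R-c--s:-------:allow'
# Constructed sample of property output with two non-recommended values.
SAMPLE_PROPS="$(printf 'nbmand\toff\naclinherit\trestricted\naclmode\tdiscard\n')"

printf '%s\n' "$SAMPLE_PROPS" | check_props
printf '%s\n' "$SAMPLE_ACL" | check_acl
```

No output from either function means the folder matches the settings recommended in the thread; with everyone@=modify in place, access is limited by the AFP allow-user/group list set when the share is created.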
 

joisey04

OK gea,

I'm currently changing all machines to SMB or CIFS access (Mac: SMB, Linux: CIFS).
Another, probably trivial question: I have connected an SMB share to Ubuntu via CIFS. Now all files and directories on that share are root:root with permission -rwxr-xr-x

I'm logged in as a user (no guest access) and I have reset the ACL settings.
Anything else I need to do?