I have a Samba share with ACLs used to control access to the files. There are two groups - let's call them "ordinary" and "admin" users - I want the admin users to be able to see and browse certain old snapshots, which I've set to be shown by default in ZFS properties, and removed from veto files in Samba (along with allowing wide links=yes in case it's a mountpoint issue).

Right now the .zfs dir does show up (for all users) - but I can't use it over Samba because of two issues:

- Cannot traverse even though permissions say it should be possible: getfacl shows that classical Unix permissions for all users include "r-x" on .zfs and .zfs/dataset, which should make .zfs and .zfs/snapshot traversable by anyone, but they don't seem to be traversable via Samba, even for users who can traverse and browse all other dirs in the share.
- Difficulty setting ACLs on the .zfs dir: getfacl shows that I have ACLs set on the dataset itself, and on various dataset/.zfs/snapshot/{snapname} directories, but returns "Operation not permitted" when I try and set them on .zfs or .zfs/snapshot itself. What is getfacl complaining about, and how can I work around it?

(As an aside, setfacl also - probably more reasonably :D - won't let me change ACLs on individual dataset/.zfs/snapshot/{snapname} directories, which stops me from fixing older snapshots created before I got ACLs set up. If I really want to fix the last of these in future, is there anything short of restoring each snap to a new pool one at a time, fixing ACLs, and resnapshotting on the new pool with the old name, that'll do it?)

Relevant getfacl results:
# file: /mnt/mypool/data/dataset1
# owner: root
# group: share_users
group:share_users_denied_access:rwxpDdaARWcCo-:fd-----:deny
owner@:rwxpDdaARWcCo-:fd-----:allow
group@:rwxpDdaARWcCo-:fd-----:allow
# file: /mnt/mypool/data/dataset1/.zfs/
# owner: root
# group: wheel
user::r-x
group::r-x
other::r-x
# file: /mnt/mypool/data/dataset1/.zfs/snapshot/
# owner: root
# group: wheel
user::r-x
group::r-x
other::r-x
# file: /mnt/mypool/data/dataset1/.zfs/snapshot/manual-snap_2018.03.04-04.45.00
# owner: root
# group: share_users
group:share_users_denied_access:rwxpDdaARWcCo-:fd-----:deny
owner@:rwxpDdaARWcCo-:fd-----:allow
group@:rwxpDdaARWcCo-:fd-----:allow