[cifs-discuss] creator/owner - cifs/zfs

Afshin Salek Afshin.Ardakani at Sun.COM
Thu Apr 23 11:10:35 PDT 2009 

Creator Owner/Creator Group ACEs in Windows only take part in
inheritance not in access check and that's how CIFS server works.
This means if you have a Creator Owner ACE in ACL of a directory
and you create a file in that directory, the file's ACL will contain
an ACE for whoever created that file.

Creator Owner/Creator Group are not equivalent of ZFS owner@/group@
entries because owner@/group@ entries participate in access check.

Afshin


Espen Martinsen wrote:
> Hi, does anyone knows the solution to this:
> 
> I'm setting up a mixed environment, cifs/nfs on a ZFS filesystem, and are experiencing the following:
> 
> In windows, there is a special acl-entry called "CREATOR OWNER", (S-1-3-0), which
> can be assigned permissions.  
> (there is also a "CREATOR GROUP" S-1-3-1)
> 
> The purpose of this is a bit like "chmod u+rwx", ie it sets the permissions for whoever is
> the owner of the file.  When the cifs-server (I'll guess) receives this information, it resolves 
> this to an acl called 'user:<myusernam>'
> 
> Like this:
> $ ls -lV  win.txt
> ----------+  1 myname      mygroup      0 april 23 11:26 win.txt
>                user:myname:rwxpdDaARWcCos:-------:allow
>          group:mygroup:r-x---a-R-c--s:-------:allow
> 
> Now, the problem is when the file is "given" to another user, ie with "chown", then
> the acl for the previous user is still there.
> $pfexec chown coop win.txt
> $ ls -lV  win.txt
> ----------+  1 coop    mnemonic       0 april 23 12:11 win.txt
>                user:myname:rwxpdDaARWcCos:-------:allow
>          group:mygroup:r-x---a-R-c--s:-------:allow
> 
> I can't understand it anyway else that it could be
> nice to have a way to map:
> 
> creator user  : S-1-3-0 :    to the owner at -acl  (chmod A+owner@:.......)
> creator group: S-1-3-1 :    to the group at -acl
> 
> The same way that the special-ACL "Everyone" in windows map to the
> everyone at -ACL.
> 
> On a ZFS filesystem, we then would have a way to set up the "unix-perm-bits rwx" from
> the windows-gui.
> 
> Is all this making any sense ???
> 
> yours
> espenM

More information about the cifs-discuss mailing list