Hi,
I have a directory that I want to give "everyone" access to via SMB. I want "everyone" to be able to read, write, create files but NOT delete, append, change permissions.
I also want users of the group "mygroup" to have the ability to basically do everything.
This seems to work but I wanted to double check it:
Code:
# file: .
# owner: root
# group: mygroup
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:---pDd-A-W-Co-:fd-----:deny
everyone@:rwx---a-R-c--s:fd-----:allow
I have some questions:
1. I didn't specify an "owner" because I allow guest access and if a guest creates a file it will be owned by them (nobody). I want them to have the same permissions as "everyone"... Is that safe or should I add an explicit owner ACL?
2. I _had_ to add the deny rule for append, delete, etc. Simply omitting it from the allow rule didn't work. Why is that?
3. If I SSH into my pool as root I can delete files in my dataset, even though I would expect "root" to follow the ACLs and be treated as "everyone" because it's not the owner nor in the group of the file (and even if it was the owner I'd expect it to follow the "everyone" rule). Why is that? Does "rm" on local disk follow the "chmod" rules and not the ACLs?
Thank you
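
For readers checking an ACL like the one posted above, here is an added example (not part of the original post, and not TrueNAS or ZFS code) that decodes the permission letters and walks the entries in order, the way NFSv4 ACLs are evaluated: the first entry that names a permission bit decides it. It assumes only the special principals `owner@`, `group@` and `everyone@`, and models only the ordered walk, not any privileged-user override or filesystem-specific handling of delete.

```python
# Added example (not from the post): decode NFSv4 ACL text as printed by
# getfacl and evaluate it with the ordered, first-match-per-bit ACE walk.
PERMS = {
    "r": "read_data", "w": "write_data", "x": "execute", "p": "append_data",
    "D": "delete_child", "d": "delete", "a": "read_attributes",
    "A": "write_attributes", "R": "read_xattr", "W": "write_xattr",
    "c": "read_acl", "C": "write_acl", "o": "write_owner", "s": "synchronize",
}

# The three ACEs from the post, one per line.
ACL_TEXT = """\
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:---pDd-A-W-Co-:fd-----:deny
everyone@:rwx---a-R-c--s:fd-----:allow
"""

def parse_acl(text):
    """Return a list of (who, permission_letters, ace_type) tuples."""
    aces = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        who, perms, _flags, ace_type = line.rsplit(":", 3)
        aces.append((who, {c for c in perms if c in PERMS}, ace_type))
    return aces

def effective(aces, is_owner=False, in_group=False):
    """Walk ACEs top to bottom; the first ACE naming a bit decides it."""
    allowed, denied = set(), set()
    for who, perms, ace_type in aces:
        if not (who == "everyone@" or (who == "owner@" and is_owner)
                or (who == "group@" and in_group)):
            continue
        undecided = perms - allowed - denied
        (allowed if ace_type == "allow" else denied).update(undecided)
    return allowed, denied

def names(letters):
    """Expand permission letters to their long names, sorted."""
    return sorted(PERMS[c] for c in letters)

if __name__ == "__main__":
    aces = parse_acl(ACL_TEXT)
    for label, kw in (("guest", {}), ("mygroup member", {"in_group": True})):
        allowed, denied = effective(aces, **kw)
        print(f"{label}: allow={names(allowed)} deny={names(denied)}")
```

Because `group@` is listed first, a member of the owning group has every bit allowed before the `everyone@` deny entry is reached, so the deny only affects requesters outside that group.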