Access Control List Inheritance Issues
Access control list (ACL) behavior differs between Windows systems and ZFS file systems on Oracle Solaris systems. You might experience Windows ACL inheritance problems because of the access control entry (ACE) ordering used by the default ZFS ACL.
The default ZFS ACL is designed to comply with POSIX, which results in the interleaving of allow and deny ACEs. Windows expects all deny ACEs to precede all allow ACEs.
You can override the default ZFS behavior by changing the ACL on the root directory to provide the equivalent of Everyone:FullControl as follows:
$ chmod 777 /pool-name
$ chmod A=everyone@:rwxpdDaARWcCos:fd:allow /pool/dataset
For information about the chmod options, see the chmod(1) man page.
You can verify the ACL by viewing it on Windows or by running the following command on an Oracle Solaris system:
$ ls -V -d /pool/dataset
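One way to check a listing against the ordering Windows expects, as an added example that is not part of the original documentation. The function names are hypothetical and both sample listings are constructed in the compact ls -V format; they are not output captured from a real system.

```shell
# Added example; function names are hypothetical. Input: `ls -V -d` output on stdin.
# Prints "windows-order" when every deny ACE precedes every allow ACE,
# otherwise reports the first deny ACE that follows an allow ACE.
acl_order() {
    awk -F: '
        { sub(/[ \t\r]+$/, "") }              # drop trailing whitespace
        $NF == "allow" || $NF == "deny" {     # ACE lines end in the ACE type
            n++
            if ($NF == "allow") seen_allow = 1
            else if (seen_allow && !bad) bad = n
        }
        END {
            if (bad) print "interleaved: deny after allow at ACE " bad
            else     print "windows-order"
        }'
}

# Succeeds when the inheritable everyone@ full-control allow ACE set by the
# chmod A= command is present (file_inherit and dir_inherit flags: fd).
has_inheritable_full_control() {
    awk -F: '
        { gsub(/^[ \t]+|[ \t\r]+$/, "") }
        NF == 4 && $1 == "everyone@" && $2 == "rwxpdDaARWcCos" &&
            $3 ~ /^fd/ && $4 == "allow" { found = 1 }
        END { exit !found }'
}

# Constructed sample: interleaved allow and deny ACEs, as described for the default ACL.
sample_default_acl() {
    cat <<'EOF'
drwxr-xr-x   2 root     root           2 Jul 20 14:23 /pool/dataset
            owner@:--------------:-------:deny
            owner@:rwxp---A-W-Co-:-------:allow
            group@:-w-p----------:-------:deny
            group@:r-x-----------:-------:allow
         everyone@:-w-p---A-W-Co-:-------:deny
         everyone@:r-x---a-R-c--s:-------:allow
EOF
}

# Constructed sample: the listing expected after the chmod commands shown above.
sample_fixed_acl() {
    cat <<'EOF'
drwxrwxrwx+  2 root     root           2 Jul 20 14:25 /pool/dataset
         everyone@:rwxpdDaARWcCos:fd-----:allow
EOF
}
sample_default_acl | acl_order
sample_fixed_acl | acl_order
```

On an Oracle Solaris system, pipe the real listing into either function, for example ls -V -d /pool/dataset | acl_order.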
You can apply this ACL recursively to all subdirectories and files for existing file systems from Windows or from the Oracle Solaris OS.
If you apply the ACL when the file system is first created, the ACL will be propagated according to the normal inheritance rules.
If a directory has a default ZFS ACL, when a file or folder is created in this directory from Windows, it has two ACEs: one for the owner and one for SYSTEM. To change this behavior, update the root directory's ACL by running the chmod commands.