Wednesday, February 12, 2014

Setup SMB on Solaris 11 Journal

https://groups.google.com/forum/#!topic/comp.unix.solaris/RlBJMUnQmIM
http://www.oracle.com/technetwork/articles/servers-storage-admin/solaris-zfssmb-sharing-2390458.html

No following symlinks in shares, unless they are on the same filesystem.

Install SMB on Solaris 11
pkg install service/file-system/smb


How to Configure the SMB Server in Workgroup Mode

Enable the SMB service.
# svcadm enable -r smb/server

(Optional) Change the SMB server to operate in a different workgroup.

# smbadm join -w WORKGROUP

Edit the /etc/pam.conf file to support creation of an encrypted version of the user's password for SMB.
other    password required    pam_smb_passwd.so.1    nowarn

Specify the password for existing local users

# passwd feijiangnan
# cat /var/smt/smbpasswd


How to Create an SMB Share (zfs)
Create a ZFS pool and a mixed-case ZFS file system that supports cross-protocol locking.


# zpool create pool-name vdev
# zfs create -o nbmand=on fsname

Enable SMB sharing for the ZFS file system.
# zfs set sharesmb=on fsname

(Optional) Create an SMB share that has non-default property values or an SMB share for a directory other than the mount point of the dataset.
# zfs set share=name=myshare,path=/mntpnt/directory,prot=smb pool-name/fsname

(Optional) Specify additional SMB share properties.
# zfs set share=name=smb_share,path=/mntpnt/dir2,prot=smb,csc=auto rpool/export/horse

# zfs set share=name=smb_share,prot=smb rpool/export/horse

Verify how the file system is shared.
# cat /etc/dfs/sharetab

# zfs set sharesmb=on rpool/export/horse
# svcadm restart smb/server



# zfs get aclmode rpool/export/home/feijiangnan

NAME                    PROPERTY  VALUE        SOURCE

rpool/export/home/feijiangnan  aclmode   discard  default

# zfs set aclmode=passthrough rpool/export/home/feijiangnan

# zfs get aclmode rpool/export/home/feijiangnan

NAME                    PROPERTY  VALUE        SOURCE

rpool/export/home/feijiangnan  aclmode   passthrough  local

# chmod -R A+user:feijiangnan:read_data/write_data/execute:file_inherit/dir_inherit:allow testdir

# chmod -R A-user:feijiangnan:read_data/write_data/execute:file_inherit/dir_inherit:allow testdir

# chmod -R A+user:feijiangnan:full_set:file_inherit/dir_inherit:allow horse

Hide dot file

root@feifs:/export/horse# ls -a/c
total 16
drwxr-xr-x+  4 root     root           6 Feb  3 10:37 .
                {A------m----}
drwxr-x---   2 root     sys            3 Jan 31 11:02 .$EXTEND
                {AH-S---m----}
drwxr-xr-x   4 root     sys            4 Jan 31 10:45 ..
                {A------m----}
-rw-r--r--+  1 root     root          27 Feb  3 10:37 .profile
                {A------m----}
-rwx------+  1 feijiangnan     staff         15 Feb  3 10:36 abc.txt
                {A------m----}
drwx------+  2 feijiangnan     staff          3 Feb  3 10:37 testdir
                {A------m----}
root@feifs:/export/horse#
root@feifs:/export/horse# find . -name '\.*' -type f -exec chmod S+cH {} \;
root@feifs:/export/horse# ls -a/c
total 16
drwxr-xr-x+  4 root     root           6 Feb  3 10:37 .
                {A------m----}
drwxr-x---   2 root     sys            3 Jan 31 11:02 .$EXTEND
                {AH-S---m----}
drwxr-xr-x   4 root     sys            4 Jan 31 10:45 ..
                {A------m----}
-rw-r--r--+  1 root     root          27 Feb  3 10:37 .profile
                {AH-----m----}
-rwx------+  1 feijiangnan     staff         15 Feb  3 10:36 abc.txt
                {A------m----}
drwx------+  2 feijiangnan     staff          3 Feb  3 10:37 testdir
                {A------m----}


# idmap add -d "winuser:*@*" "unixuser:*"
add -d  winuser:*@*     unixuser:*




Posted by at No comments:

ZFC ACL Journal

Create Sub Folder
# mkdir acltest1
# ls -dv acltest1
drwxr-xr-x   2 root     root           2 Jan 22 12:42 acltest1
     0:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/read_xattr/write_xattr/execute/delete_child
         /read_attributes/write_attributes/read_acl/write_acl/write_owner
         /synchronize:allow
     1:group@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow
     2:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow

#  chmod A+user:feijiangnan:read_data/write_data/execute:allow acltest1

# ls -dv acltest1
drwxr-xr-x+  2 root     root           2 Jan 22 12:42 acltest1
     0:user:feijiangnan:list_directory/read_data/add_file/write_data/execute:allow
     1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/read_xattr/write_xattr/execute/delete_child
         /read_attributes/write_attributes/read_acl/write_acl/write_owner
         /synchronize:allow
     2:group@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow
     3:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow
# mkdir acltest1/subdir
# ls -dv acltest1/subdir
drwxr-xr-x   2 root     root           2 Jan 22 13:41 acltest/subdir
     0:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/read_xattr/write_xattr/execute/delete_child
         /read_attributes/write_attributes/read_acl/write_acl/write_owner
         /synchronize:allow
     1:group@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow
     2:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow

Granting ACL Inheritance on Files and Directories
# mkdir acltest2
# ls -dv acltest2
drwxr-xr-x   2 root     root           2 Jan 22 13:44 acltest2
     0:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/read_xattr/write_xattr/execute/delete_child
         /read_attributes/write_attributes/read_acl/write_acl/write_owner
         /synchronize:allow
     1:group@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow
     2:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow
# chmod A+user:feijiangnan:read_data/write_data/execute:allow acltest2

# chmod A+user:feijiangnan:read_data/write_data/execute:file_inherit/dir_inherit:allow acltest2

chmod A+user:jlopez3:read_data/write_data/execute:file_inherit/dir_inherit:allow acltest2

# ls -dv acltest2
drwxr-xr-x+  2 root     root           2 Jan 22 14:10 acltest2
     0:user:feijiangnan:list_directory/read_data/add_file/write_data/execute
         :file_inherit/dir_inherit:allow
     1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/read_xattr/write_xattr/execute/delete_child
         /read_attributes/write_attributes/read_acl/write_acl/write_owner
         /synchronize:allow
     2:group@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow
     3:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow

# mkdir acltest2/subdir
# ls -dv acltest2/subdir
drwxr-xr-x+  2 root     root           2 Jan 22 14:13 acltest2/subdir
     0:user:feijiangnan:list_directory/read_data/execute:file_inherit/dir_inherit
         /inherited:allow
     1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/read_xattr/write_xattr/execute/delete_child
         /read_attributes/write_attributes/read_acl/write_acl/write_owner
         /synchronize:allow
     2:group@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow
     3:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow

# chmod A+user:feijiangnan:read_data/write_data:dir_inherit:allow acltest2
# mkdir acltest2/subdir
# ls -dv acltest2/subdir
drwxr-xr-x+  2 root     root           2 Jan 22 14:03 acltest2/subdir
     0:user:feijiangnan:list_directory/read_data:dir_inherit/inherited:allow
     1:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/read_xattr/write_xattr/execute/delete_child
         /read_attributes/write_attributes/read_acl/write_acl/write_owner
         /synchronize:allow
     2:group@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow
     3:everyone@:list_directory/read_data/read_xattr/execute/read_attributes
         /read_acl/synchronize:allow

Owner inherit ACL from parents directory.
# zfs set aclmode=mask pond/whoville

# zfs set aclinherit=restricted pond/whoville

root@biserver:~# zfs get aclinherit rpool/export/home/feijiangnan
NAME                    PROPERTY    VALUE       SOURCE
rpool/export/home/feijiangnan  aclinherit  restricted  default
root@biserver:~# zfs get aclmode rpool/export/home/feijiangnan
NAME                    PROPERTY  VALUE    SOURCE
rpool/export/home/feijiangnan  aclmode   discard  default
root@biserver:~#

# chmod A+group:dba:modify_set:allow acltest1

# zfs get aclmode rpool/export/home/feijiangnan
NAME                    PROPERTY  VALUE        SOURCE
rpool/export/home/feijiangnan  aclmode   discard  default

# zfs set aclmode=passthrough rpool/export/home/feijiangnan

# zfs get aclmode rpool/export/home/feijiangnan
NAME                    PROPERTY  VALUE        SOURCE
rpool/export/home/feijiangnan  aclmode   passthrough  local
Posted by at No comments:

Friday, February 7, 2014

Install subversion client on Solaris

Install SVN Client on Solaris 11
# pkg install developer/versioning/subversion
Posted by at No comments:
Subscribe to: Posts (Atom)