{"id":496,"date":"2011-04-27T01:05:09","date_gmt":"2011-04-27T01:05:09","guid":{"rendered":"http:\/\/poojanwagh.opalstacked.com\/techblog\/?p=496"},"modified":"2011-04-27T01:05:09","modified_gmt":"2011-04-27T01:05:09","slug":"samba-and-zfs-nfsv4-acl-settings-for-freebsd","status":"publish","type":"post","link":"https:\/\/tech.poojanblog.com\/blog\/unix-linux\/samba-and-zfs-nfsv4-acl-settings-for-freebsd\/","title":{"rendered":"Samba and ZFS (NFSv4) ACL settings for FreeBSD"},"content":{"rendered":"<p>My latest security schemees that I&#8217;ve mapped the Samba guest user to a new user &#8220;samba_guest&#8221;. I&#8217;ve made nobody the owner of public shares. I&#8217;ve removed the allow settings for the &#8220;nobody&#8221; user. I then enable everyone to read:<br \/>\n<code><br \/>\nowner@:&#8212;&#8212;&#8212;&#8212;&#8211;:&#8212;&#8212;:deny<br \/>\ngroup@:-w-p&#8212;&#8212;&#8212;-:&#8212;&#8212;:deny<br \/>\ngroup@:r-x&#8212;&#8212;&#8212;&#8211;:&#8212;&#8212;:allow<br \/>\neveryone@:&#8212;-Dd-A-W-Co-:f&#8212;&#8211;:deny<br \/>\neveryone@:rwxp&#8211;a-R-c&#8211;s:-d&#8212;-:allow<br \/>\n<\/code><\/p>\n<p>Note that I&#8217;ve set up Samba with the ZFS ACL module. For each share, I&#8217;ve added the following entries:<\/p>\n<code><br \/>\n  vfs objects = zfsacl<br \/>\n  nfs4:mode = special<br \/>\n  nfs4:acedup = merge<br \/>\n  nfs4:chown = yes<br \/>\n<\/code>\n<div class='wp_likes' id='wp_likes_post-496'><a class='like' href=\"javascript:wp_likes.like(496);\" title='' ><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/tech.poojanblog.com\/blog\/wp-content\/plugins\/wp-likes\/images\/like.png\" alt='' border='0'\/><\/a><span class='text'>Be the first to like.<\/span><\/p>\n<div class='like' ><a href=\"javascript:wp_likes.like(496);\">Like<\/a><\/div>\n<div class='unlike' ><a href=\"javascript:wp_likes.unlike(496);\">Unlike<\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>My latest security schemees that I&#8217;ve mapped the Samba guest user to a new user &#8220;samba_guest&#8221;. I&#8217;ve made nobody the owner of public shares. I&#8217;ve removed the allow settings for the &#8220;nobody&#8221; user. I then enable everyone to read: Note that I&#8217;ve set up Samba with the ZFS ACL module. For each share, I&#8217;ve added [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[10],"tags":[135,136,13,3],"class_list":["post-496","post","type-post","status-publish","format-standard","hentry","category-unix-linux","tag-acl","tag-nfsv4","tag-samba","tag-zfs"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/tech.poojanblog.com\/blog\/wp-json\/wp\/v2\/posts\/496","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tech.poojanblog.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tech.poojanblog.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tech.poojanblog.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/tech.poojanblog.com\/blog\/wp-json\/wp\/v2\/comments?post=496"}],"version-history":[{"count":3,"href":"https:\/\/tech.poojanblog.com\/blog\/wp-json\/wp\/v2\/posts\/496\/revisions"}],"predecessor-version":[{"id":499,"href":"https:\/\/tech.poojanblog.com\/blog\/wp-json\/wp\/v2\/posts\/496\/revisions\/499"}],"wp:attachment":[{"href":"https:\/\/tech.poojanblog.com\/blog\/wp-json\/wp\/v2\/media?parent=496"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tech.poojanblog.com\/blog\/wp-json\/wp\/v2\/categories?post=496"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tech.poojanblog.com\/blog\/wp-json\/wp\/v2\/tags?post=496"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}