Finally I have nearly everything moved to the new server. I’ve ended up using ACLs for handling permissions for the CIFS shares. ACLs aren’t too difficult to understand, but there aren’t many resources on the net about them. Finding Daz’s “OpenSolaris cifs/smb server – configuring ACL’s on shares” article really helped. For example, for the media files I did the following:
# groupadd mguest
# groupadd media
# useradd -g mguest mguest
# zfs set aclinherit=passthrough tank/media
# zfs set aclmode=passthrough tank/media
# /usr/bin/chmod -R A=\
> owner@:rwxpdDaARWcCos:fd-----:allow,\
> group:media:rwxpdDaARWc--s:fd-----:allow,\
> group:mguest:rxaARWcs:fd-----:allow,\
> everyone@:rwxpdDaARWcCos:fd-----:deny \
> /tank/media/
So basically every read-only device uses the mguest user account, and anyone who needs to edit the stuff belongs to the media group. For some reason
group:mguest:read_set:fd:allow
didn’t work for read access.
One catch is to remember to use /usr/bin/chmod and not /usr/gnu/bin/chmod, as the latter doesn’t support ACLs.
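To see what each group actually ends up with, the following added example (not code from the original post) decodes the four ACEs from the chmod command above and evaluates them in order, NFSv4 style, where the first ACE that mentions a permission decides it. The function names are hypothetical, and group membership is modeled simply as a set of principal strings.

```python
# Added example: decode the ACEs from the chmod command and evaluate them in order.
PERMS = {"r": "read_data", "w": "write_data", "x": "execute", "p": "append_data",
         "d": "delete", "D": "delete_child", "a": "read_attributes",
         "A": "write_attributes", "R": "read_xattr", "W": "write_xattr",
         "c": "read_acl", "C": "write_acl", "o": "write_owner", "s": "synchronize"}
ALL = set(PERMS.values())
# Permission-set aliases as documented in the Solaris chmod(1) man page.
SETS = {"read_set": {"read_data", "read_acl", "read_attributes", "read_xattr"},
        "write_set": {"write_data", "append_data", "write_attributes", "write_xattr"},
        "modify_set": ALL - {"write_acl", "write_owner"},
        "full_set": ALL}
# The four ACEs from the post, in the order chmod A= installs them.
MEDIA_ACL = ["owner@:rwxpdDaARWcCos:fd-----:allow",
             "group:media:rwxpdDaARWc--s:fd-----:allow",
             "group:mguest:rxaARWcs:fd-----:allow",
             "everyone@:rwxpdDaARWcCos:fd-----:deny"]

def expand_perms(field):
    """Accept a set alias, verbose names joined by '/', or compact letters."""
    out = set()
    for tok in field.split("/"):
        if tok in SETS:
            out |= SETS[tok]
        elif tok in ALL:
            out.add(tok)
        else:  # compact form; '-' is only a placeholder
            out |= {PERMS[ch] for ch in tok if ch != "-"}
    return out

def parse_ace(ace):
    parts = ace.split(":")
    n = 1 if parts[0].endswith("@") else 2  # owner@ vs. group:name
    if len(parts) != n + 3 or parts[-1] not in ("allow", "deny"):
        raise ValueError(f"malformed ACE: {ace!r}")
    return ":".join(parts[:n]), expand_perms(parts[n]), parts[-1]

def granted(acl, principals):
    """Permissions allowed to a caller matching any of the given principals."""
    allowed, decided = set(), set()
    for who, perms, kind in map(parse_ace, acl):
        if who in principals:
            if kind == "allow":
                allowed |= perms - decided
            decided |= perms  # later ACEs cannot change an earlier decision
    return allowed

if __name__ == "__main__":
    for name in ("group:media", "group:mguest"):
        got = granted(MEDIA_ACL, {name, "everyone@"})
        print(name, sorted(got))
        print("  beyond read_set:", sorted(got - SETS["read_set"]))
```

The output shows that read_set does not include execute, which on a directory is the right to traverse it, and that the compact mguest ACE also grants write_attributes and write_xattr to the read-only account.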