Skip to content

CIFS, ACls, permissions and iTunes

November 13, 2009

If you share a file system using the CIFS server (not SAMBA) and create a file in that file system using Windows XP the file ends up with these strange permissions and an ACL like this:

: pearson FSS 12 $; ls -vd Bad d———+  2 cjg      staff          2 Nov 13 17:11 Bad      0:user:cjg:list_directory/read_data/add_file/write_data/add_subdirectory          /append_data/read_xattr/write_xattr/execute/delete_child          /read_attributes/write_attributes/delete/read_acl/write_acl          /write_owner/synchronize:allow      1:group:2147483648:list_directory/read_data/add_file/write_data           /add_subdirectory/append_data/read_xattr/write_xattr/execute           /delete_child/read_attributes/write_attributes/delete/read_acl           /write_acl/write_owner/synchronize:allow  : pearson FSS 13 $;  

The first thing that riles UNIX some users is the lack of any file permissions, although things seem to work fine. The strange group ACL is for the local WINDOWS SYSTEM group. However the odd thing is for me it renders iTunes on the Windows system unable to see the files that it has created.

The solution is to add a default ACL to the root of the file system (well to every object in the file system if the file system is not new) that looks like this:


So this has the rather pleasant side effect of setting the UNIX permissions to something more recognisable:

: pearson FSS 20 $; ls -vd Good drwxr-xr-x+  2 cjg      staff          2 Nov 13 18:16 Good      0:owner@:list_directory/read_data/add_file/write_data/add_subdirectory          /append_data/read_xattr/write_xattr/execute/delete_child          /read_attributes/write_attributes/delete/read_acl/write_acl          /write_owner/synchronize:file_inherit/dir_inherit/inherited:allow      1:everyone@:list_directory/read_data/read_xattr/execute/read_attributes          /read_acl:file_inherit/dir_inherit/inherited:allow : pearson FSS 21 $; 

and the even more pleasant side effect of making iTunes works again!


From → Solaris

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: