File Permissions on ZFS

Posted: Tue Mar 13, 2018 1:31 pm
by BenNZ
I have a 6 disk RaidZ2 setup which I am using as a shared server drive at home. I had it on Zevo previously but have changed to O3X when I had to upgrade the server to Sierra as Zevo doesn't work anymore.

Since changing over from Zevo I have been having problems with file permissions - no matter what user owns the drive or folder, new files and folders appear to be assigned exclusively to the user that created them. This is a problem because the point of the drive is supposed to be that we can all put files on there and they're readable by everyone.
I recently did a rebuild of the array in O3X and have had the same issue since the rebuild.

I would be fine to set it to ignore ownership on this volume but I can't get Disk Utility to give me that option for the ZFS pool as it is only listing the physical devices.

Does anyone know how to either set it to ignore ownership or configure access for a user group for entire file systems or folders and having them be the default for new files?

Re: File Permissions on ZFS

Posted: Tue Mar 13, 2018 5:05 pm
by lundman
Traditional UNIX style, would be to set a group on the top level directory, then set setgid on the directory:

Code:
# chgrp staff /Volume/POOL
# chmod 2777 /Volume/POOL


Which means that anything created will automatically be in group "staff" and the setgid bit is retained:

Code:
lundman$ mkdir hello
lundman$ ls -l
total 2
drwxr-sr-x  2 lundman  staff  2 Mar 14 09:59 fun
drwxr-sr-x  2 lundman  staff  2 Mar 14 10:00 hello


Which means others in "staff" can access bits as expected.
But this might not be enough.

You can turn on no-owners, for the dataset:

Code:
# zfs set com.apple.ignoreowner=on POOL


I do not remember if it needs to be remounted, but you can confirm the setting with
Code:
# mount
BOOM on /Volumes/BOOM (zfs, local, journaled, noowners)
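
Added example, not part of lundman's post or of the O3X project: a POSIX sh audit for a shared tree set up with the chgrp + setgid scheme above. It reports entries the group cannot use, and also directories that are world-writable without the sticky bit, which is what mode 2777 produces and which lets any local account delete or rename other people's files. The function name `audit_shared` and the finding labels are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit a shared tree that relies on the
# "chgrp GROUP + setgid" scheme. Prints one "FINDING<TAB>path" line per problem.
# Only POSIX find primaries are used, so BSD and GNU find behave the same.
audit_shared() {
    dir=$1
    group=$2

    # Directory without setgid: subdirectories created inside it will not
    # carry the bit onward either.
    find "$dir" -type d ! -perm -2000 -exec printf 'no-setgid\t%s\n' {} \;

    # Entry that belongs to another group: members of $group only get the
    # "other" permission bits on it.
    find "$dir" ! -group "$group" -exec printf 'wrong-group\t%s\n' {} \;

    # Entry the group cannot read (for example, created under umask 077).
    find "$dir" ! -perm -040 -exec printf 'group-unreadable\t%s\n' {} \;

    # Directory the group cannot traverse.
    find "$dir" -type d ! -perm -010 -exec printf 'group-no-search\t%s\n' {} \;

    # World-writable directory without the sticky bit (e.g. mode 2777):
    # any local account, not only $group, can delete or rename its entries.
    find "$dir" -type d -perm -0002 ! -perm -1000 \
        -exec printf 'world-writable-no-sticky\t%s\n' {} \;
}

# Stand-alone use: sh audit_shared.sh /Volumes/POOL staff
if [ $# -eq 2 ]; then
    audit_shared "$1" "$2"
fi
```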

Re: File Permissions on ZFS

Posted: Wed Mar 14, 2018 4:58 am
by macz
This is quite possibly the single most important topic surrounding storage and also perhaps the most infuriating thing with ZFS in general.. not just here but with Solaris ZFS and OpenZFS in any flavor.

When Apple 'released' its 10a284 ZFS beta way back on Snow Leopard... it wasn't feature complete by any means but it had relatively good integration at the file system level... many of the problems we are still plagued with today, permissions, HFS compatibility, etc.. Apple had ironed out a lot of that. You could set 'Apple style' permissions using the Finder GUI and everything worked fine.. well, no longer.

Now I understand that much of what was done there by Apple had to be abandoned due to the significant changes Apple made to Finder/file system code post Snow Leo.. and honestly.. this project evolved more from the other branches of OS X based ZFS like the Google group and ZEVO, which did not fork from 10a284 but from the release prior, which was not as polished.

Be that as it may.. here we are..

Not having formal training and certification in storage system engineering and administration... the cloud of fog that surrounds the intricacies of ACL and POSIX and especially the way they are handled in both OS X and ZFS causes issues.

I have an OmniOS-based ZFS filer in my home network.. and it uses about as 'pure' a Solaris ZFS model for ACL and POSIX as you can get..

Sharing files with the kernel-based SMB, or is it CIFS.. never can keep it straight which version runs in userland and which runs at kernel.. OmniOS ZFS can use either.. has multiple layers of ACL: there is the ZFS sharing ACL and the native POSIX / ACLs on the files/folders.. I think.

Just like here, it's confusing.. it's irritating.. it just doesn't work.. it needs massive curating to ensure 'some' level of acceptable behavior.. and ACL is very hard to work with in OS X..

Moreover.. Solaris ZFS and the way its ACL permissions work.. was designed to make it as Windows ACL compliant as possible. To the point the dev of Napp-it, while providing some ACL tools in the paid-for Pro version of Napp-it, suggests using Windows to edit and maintain the ACL settings on shares..


Anyone here brave enough, who actually does understand this, willing to step up with a complete idiot's guide to ACL and POSIX settings and ZFS settings guide.. primer.. whatever...

We know that you can't use the Finder GUI any longer, but even setting POSIX permissions on a file, especially a folder, tends to break ZFS permissions and inheritance..

Thanks in advance...

Re: File Permissions on ZFS

Posted: Mon Mar 26, 2018 12:27 am
by BenNZ
Thank you :)

The ignore ownership method worked - if I go in and check, I'm still getting all new files belonging solely to one account, but it's not affecting the users anymore.

Re: File Permissions on ZFS

Posted: Sun Nov 29, 2020 9:20 am
by thedarkhalf
lundman wrote:
Traditional UNIX style, would be to set a group on the top level directory, then set setgid on the directory:

Code:
# chgrp staff /Volume/POOL
# chmod 2777 /Volume/POOL


Thank you! This worked for me. Just as an FYI: it's Volumes (missing the s)

Code:
# chgrp staff /Volumes/POOL
# chmod 2777 /Volumes/POOL