ACL hell

Post by Bingo » Thu Apr 24, 2025 7:28 am

Hey :)

I want to use a couple of zpools in Windows for applications, games, etc.

I'm having a problem right now with file permissions. Datasets seem to be configured correctly for Windows (I'm guessing, since I don't really use Windows except for particular apps - I'm used to macOS and Manjaro). Owner is "SYSTEM" by default, and "Administrators" - which would include me - have full permissions.

However, every file or folder I create is, well, created, but it is owned by SYSTEM, and I then have to provide UAC administrator elevation to do anything, like renaming. This also means that files created by apps fail, e.g. trying to download with Firefox results in a 0-byte file being created, and it then fails as it either wants to rename it, or it wants to move a temporary *.part file to the final destination file.

I've tried taking ownership of everything, giving full permissions to every user account, I've tried

Code:
takeown /f T: /r /d y

and

Code:
icacls T:/* /reset /t

but it simply does not help.

I've tried setting xattr to off, acltype to "none," and aclmode and aclinherit both to "discard," but again to no avail.

I cannot create a folder or a file on any ZFS dataset without having to immediately provide administrator privileges afterwards to do anything with it. It's driving me nuts :D

If I format a regular drive, this simply never happens. What is going on? How do I make it stop?

Is there a way to just completely remove ACLs/permissions from a pool or a dataset, as if it were FAT32 or exFAT?

Thanks.

BTW: This is a fresh Windows 10 LTSC 21H2 installation with the latest cumulative update installed.
Bingo
 
Posts: 19
Joined: Thu Mar 04, 2021 11:18 pm

Re: ACL hell

Post by jawbroken » Fri Apr 25, 2025 7:15 am

if you're creating these folders and files at the root of the pool then you get the same behaviour by default on macOS i think. personally, i just put everything inside a folder in the pool (e.g. pool/files) which works great, but there's probably a nicer way to fix this. i've just been doing it since the pre-OpenZFS/ZEVO days and haven't looked much into it
jawbroken
 
Posts: 99
Joined: Wed Apr 01, 2015 4:46 am

Re: ACL hell

Post by gea » Thu May 22, 2025 11:30 am

Windows NTFS ACLs (and Solaris/Illumos nfs4 ACLs) are much more advanced than POSIX ACLs or permissions on OSX or Linux. They support worldwide unique SID identifiers, fine-grained permissions, inheritance and groups in groups. On OSX or Linux you cannot set them remotely properly, but both must respect permission settings (must be done in Windows Explorer locally or remotely as admin via Security > Properties). ZFS-wise you should set acltype to nfs4 (ntfs alike) and aclinherit/aclmode to passthrough.

Then create a ZFS filesystem and share it via SMB (avoid nested shared filesystems). Set default ACL permissions on that filesystem, e.g.

- allow everyone read for this folder only
- allow everyone to create folders for this folder and folders below

This will allow everyone access to the share and to create a folder with creator=owner=full access and others without access to this folder.

You can also create a folder and set permissions for selected users and groups (as admin with inheritance).
On a subfolder you can delete inheritance and set different ACL sets.
gea
 
Posts: 28
Joined: Tue Jan 23, 2024 9:56 am
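
The settings described in the post above, written out as commands. This is an added example, not part of the original thread and not code from any poster. The dataset name `tank/share`, the mount point `T:\share`, the Administrators entry and the use of a CREATOR OWNER entry to get "creator=owner=full access" are assumptions, as is the Windows port honouring these ZFS properties.

```powershell
# Assumed names (not from the thread): dataset "tank/share" mounted at T:\share.
$dataset = 'tank/share'
$share   = 'T:\share'

# ZFS side: NFSv4-style ACLs, passed through unchanged on create and chmod.
# OpenZFS documents the acltype value as "nfsv4"; the post writes it as "nfs4".
zfs set acltype=nfsv4 aclinherit=passthrough aclmode=passthrough $dataset
zfs get 'acltype,aclinherit,aclmode' $dataset

# Windows side, from an elevated prompt. Well-known SIDs are used instead of
# account names so the commands do not depend on the display language:
#   S-1-5-32-544 = Administrators, S-1-1-0 = Everyone, S-1-3-0 = CREATOR OWNER

# Give administrators an explicit full-control entry first, then stop
# inheriting from the pool root so only the entries below apply.
icacls $share /grant '*S-1-5-32-544:(OI)(CI)(F)'
icacls $share /inheritance:r

# "allow everyone read for this folder only": no inheritance flags.
icacls $share /grant '*S-1-1-0:(RX)'

# "allow everyone to create folders for this folder and folders below":
# AD = add subdirectory, CI = inherited by subfolders.
icacls $share /grant '*S-1-1-0:(CI)(AD)'

# Whoever creates an item gets full control of it: an inherit-only entry
# that Windows rewrites to the creator's SID on each new file or folder.
icacls $share /grant '*S-1-3-0:(OI)(CI)(IO)(F)'

# Review the resulting ACL on the share root.
icacls $share

# Check from a normal, non-elevated session: the new folder should be owned
# by the creating user and carry a full-control entry for that user.
$probe = New-Item -ItemType Directory -Path (Join-Path $share 'acl-probe')
(Get-Acl $probe.FullName).Owner
icacls $probe.FullName
```

If the owner printed at the end is still SYSTEM and the rename prompt persists, the ACL entries are not what is being enforced, which points back at the dataset properties or the driver rather than at icacls.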

