OpenSolaris cifs/smb server – configuring ACL’s on shares

O.k. from this point I’m assuming you have created your zfs shares via the zfs command and renamed them appropriately like so… (if you haven’t set up cifs yet then read this)

zfs set sharesmb=on protected/backup

zfs set sharesmb=name=backup protected/backup

Now to check your current shares type…

sharemgr show

zfs

zfs/protected/backup
backup=/protected/backup

zfs/protected/photos
photos=/protected/photos

Now it’s time to look at NFSv4 ACLs. This page has a great explanation of ACLs and how to set things up. http://cuddletech.com/blog/pivot/entry.php?id=939

The ZFS manual here has the compact access and inheritance codes for chmod : http://opensolaris.org/os/community/zfs/docs/zfsadmin.pdf

Here are the current compact codes for access control;

add_file w , add_subdirectory p , delete d , delete_child D , execute x , list_directory r , read_acl c , read_attributes a , read_data r , read_xattr R , write_xattr W , write_data w , write_attributes A , write_acl C , write_owner o

Here are the current compact codes for inheritance control;

file_inherit f , dir_inherit d , inherit_only i , no_propagate n

So… The command below (referencing the above compact codes) will give me (the owner) full permissions to files / directories, and read only access to everyone else. I have enabled inheritance so newly created files should also maintain their parent’s ACL without Windows creating its own. Note: I used chown on the root of my share first, i.e. chown -R daz /protected

then…

chmod -R A=\
owner@:wACpdDo:d:allow,\
owner@:wACpdDo:f:allow,\
everyone@:rxaARWcs:d:allow,\
everyone@:raARWcs:f:allow \
/protected/

Remember to test that this has provided what you want. Connect to your share as guest and test the permissions, then connect as the owner and test permissions again. The fun thing about this particular ACL system is that you are not restricted to just one owner and one group. You can add additional lines as required using user: and group: attributes. I’ve done a multi-user ACL post here.
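An added example (not part of the original post) that decodes the compact letters of the four entries in the chmod command above and lists the ones that allow modification, a quick offline check that an entry meant to be read-only really is. The function names are made up for this example, and the letter s (synchronize) is used in the post's command but missing from its code list.

```shell
# Added example, not from the original post; function names are hypothetical.
# Long name for one compact permission letter (file meaning/directory meaning).
perm_name() {
    case "$1" in
        r) echo "read_data/list_directory" ;;
        w) echo "write_data/add_file" ;;
        x) echo "execute" ;;
        p) echo "add_subdirectory" ;;
        d) echo "delete" ;;
        D) echo "delete_child" ;;
        a) echo "read_attributes" ;;
        A) echo "write_attributes" ;;
        R) echo "read_xattr" ;;
        W) echo "write_xattr" ;;
        c) echo "read_acl" ;;
        C) echo "write_acl" ;;
        o) echo "write_owner" ;;
        s) echo "synchronize" ;;  # used in the post's command, absent from its list
        *) echo "unknown($1)" ;;
    esac
}

# modifying_perms WHO:PERMS:FLAGS:TYPE
# Prints the permissions in PERMS that let the subject change data or metadata.
modifying_perms() {
    perms=$(echo "$1" | cut -d: -f2)
    case "$perms" in *_set) echo "$perms (ACL set, not expanded here)"; return 0 ;; esac
    out=""
    while [ -n "$perms" ]; do
        rest=${perms#?}
        letter=${perms%"$rest"}   # first character of what is left
        perms=$rest
        case "$letter" in
            w|p|d|D|A|W|C|o) out="$out${out:+ }$(perm_name "$letter")" ;;
        esac
    done
    echo "$out"
}

# grants_read ENTRY: succeeds if a compact-form entry carries r.
grants_read() {
    case "$(echo "$1" | cut -d: -f2)" in *r*) return 0 ;; *) return 1 ;; esac
}

# The four entries from the chmod command above.
for e in 'owner@:wACpdDo:d:allow' 'owner@:wACpdDo:f:allow' \
         'everyone@:rxaARWcs:d:allow' 'everyone@:raARWcs:f:allow'; do
    grants_read "$e" && r=yes || r=no
    echo "$e -> read=$r; can modify: $(modifying_perms "$e")"
done
```

On a live system, ls -V on a file or directory shows the ACL that was actually applied, in the same compact form.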

There is a lot of flexibility – I’d say even more than the samba server options by a long shot. It’s probably a little bit more fiddly getting your commands right, but once up and running you can have a lot more control.

There are also “ACL sets” which combine the above attributes into groups… i.e. you can have just the word “full_set” (full permissions) or “read_set” (supposedly gives you read, but I couldn’t see any child files after using this) between the first set of colons in the above command… Using ACL sets the above command could be changed to…

chmod -R A=\
owner@:full_set:d:allow,\
owner@:full_set:f:allow,\
everyone@:rxaARWcs:d:allow,\
everyone@:raARWcs:f:allow \
/protected/

This should still give the owner full permissions (previously the owner just inherited the everyone group’s permissions it didn’t have as well).

These are the possible choices for ACL sets: full_set , read_set , modify_set , write_set

see here for more examples : https://sigtar.com/2009/02/15/opensolaris-cifssmb-server-configuring-acl’s-on-shares-part-2/

—– workgroup authentication —–

Assuming you are NOT using a domain:
Did you enable the password database settings?
user@solaris:~# cat >> /etc/pam.conf

# Seem to need this line for smb / cifs:
other password required pam_smb_passwd.so.1 nowarn

(Control-D to end)

user@solaris:~# passwd
passwd: Changing password for user
New Password:
Re-enter new Password:
passwd: password successfully changed for user

ZFS – Creating snapshots

There are some funky ways of modifying the default “time slider” services to do the work for you, but I like a bit more hands on. Generally so I know what is happening in the background, but the time slider can sometimes be overkill, creating snapshots every 15 mins if not configured properly.

On a side note I’ve yet to get my head around the SMF stuff properly… Anyhow, onto creating snapshots.

I’ve decided to snapshot both my unprotected and protected zpools.

I’ve created three scripts; this is what my snapdaily.sh script looks like:

# remove yesterday's snapshots
zfs destroy -r protected@daily
zfs destroy -r unprotected@daily
# take today's snapshots
zfs snapshot -r protected@daily
zfs snapshot -r unprotected@daily
# output is saved as part of the crontab job
echo "Daily ZFS snapshot done"

The other two are similar, but weekly and monthly. The name of the snapshot is after the @ symbol as above. The -r switch is recursive, so all zfs file systems beneath the named zfs also have snapshots created.

Next I’ve saved this script and added it to crontab (as root, since it’s zfs commands which are usually restricted);

su – enter password, you are now root.

crontab -e – edit root’s crontab file (use vi to insert the following line)

0 5 * * * /protected/snapdaily.sh – this will run every day at 5am.

Run the script first to see if it works, then check with this command;

zfs list -t snapshot – you should see the above snapshots.

Repeat for weekly / monthly as above…

I have disabled all the automatic snapshots….

svcs -a | grep "snapshot" – should show you all the zfs snapshot services

svcadm disable svc:/system/filesystem/zfs/auto-snapshot:daily – etc, will disable these snapshots.

You can also turn off time slider via the GUI if you have turned it on.
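An added variant of the snapdaily.sh rotation above (not the author's script) that takes the new snapshot before destroying the old one, so a failed run never leaves a pool without a daily snapshot. The function names, the .new suffix and the ZFS override variable are assumptions of this example.

```shell
# Added example, not the post's script. ZFS is an assumed override hook so the
# rotation logic can be exercised without a real pool.
ZFS=${ZFS:-zfs}

# rotate_snapshot POOL NAME
#   1. take POOL@NAME.new recursively
#   2. only if that succeeded, destroy the previous POOL@NAME
#   3. rename POOL@NAME.new to POOL@NAME
rotate_snapshot() {
    pool=$1 name=$2
    # Clear a leftover .new from an interrupted run; its absence is not an error.
    $ZFS destroy -r "$pool@$name.new" 2>/dev/null
    if ! $ZFS snapshot -r "$pool@$name.new"; then
        echo "snapshot of $pool failed; keeping existing $pool@$name" >&2
        return 1
    fi
    # On the first run there is no previous snapshot, so a failed destroy is tolerated.
    $ZFS destroy -r "$pool@$name" 2>/dev/null
    $ZFS rename -r "$pool@$name.new" "$pool@$name"
}

# rotate_all NAME POOL...
# Returns non-zero if any pool failed, so the cron job output shows the problem.
rotate_all() {
    name=$1; shift
    status=0
    for p in "$@"; do
        rotate_snapshot "$p" "$name" || status=1
    done
    return $status
}

# In snapdaily.sh this would be called as: rotate_all daily protected unprotected
```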

fakeRAID vs Software RAID (windows)

O.k. here is the latest from atomic magazine… I’m talking about RAID 0 (stripe) here.

Software RAID (i.e. windows stripe) is faster (both in throughput and seek time) than the “hardware” fake RAID built in to most new motherboards. Apparently it doesn’t matter about the stripe size of your raid either… Software raid still wins??

I’m a bit skeptical about this, and will have to endeavour on a few tests to conclude whether this is true or not…

What I propose… I have 3 x 120Gb disks in my machine… In both cases I will use windows solely on the first disk. The other two disks will then be created using fake raid first (bios raid), then I will recreate the raid using software raid.

In both cases I will test throughput / average seek times using HDTach, but I will also perform some real world tests such as loading times for games etc…

Further reading shows that Software RAID may only beat fake RAID at the 64K stripe set, which is actually a highly recommended size.

I have been unable to reproduce the results, as I’m having troubles restoring my system back to a single drive. Oh well, I’ll try and remember to do it the next time I’m rebuilding my machine.

Edit : ZFS is faster than both! – by a long shot. ;)   …but of course it is not currently an option within windows.

ZFS – Error 16 : Inconsistent filesystem structure

Oh no. I’ve managed to get this error before. And it was right after I applied compression to the rpool zfs filesystem. Upon the next reboot I was greeted with this error message;

Error 16 : Inconsistent filesystem structure

For me it was a show stopper and I had to go into recovery. So I’ve learnt my lesson – not to touch the rpool zpool.

I was lucky enough to have put my data within a zfs filesystem (rpool/virtual) I created within the default rpool zpool. I use this spot for my VirtualBox virtual machines.

Recovery for my rpool/virtual zfs filesystem;

  1. Boot the live cd
  2. open terminal, type su, enter default password as of 2008.11 “opensolaris”
  3. zpool import rpool – brings rpool and associated zfs filesystems back online
  4. type nautilus &, copy data from rpool/virtual to another drive (I mounted another disk by also importing another zpool – zpool import will list available zpools)
  5. zpool export rpool, then re-run the installation program. Note: you need to dismount rpool or the install will fail and stop.

Worked for me, usual disclaimer though.