[OmniOS-discuss] smb share disappears after changing folder permissions followed by smb/server restart
Дмитрий Глушенок
glush at jet.msk.su
Wed Nov 2 12:36:35 UTC 2016
Hello,
The SMB server was joined to an AD domain, then a ZFS dataset was shared using the smbshare=on property. After changing the permissions on the dataset folder to something like this (no local users allowed):
    # /usr/bin/ls -lvd /tzk-data-01
    d---rwx---+ 8 Administrator at tzk.local Domain Admins at tzk.local 13 Nov 2 12:12 /tzk-data-01
        0:group:Domain Users at tzk.lo:list_directory/read_data/read_xattr/execute
            /read_attributes/read_acl/synchronize:allow
        1:group:Domain Admins at tzk.l:list_directory/read_data/add_file/write_data
            /add_subdirectory/append_data/read_xattr/write_xattr/execute
            /delete_child/read_attributes/write_attributes/delete/read_acl
            /write_acl/write_owner/synchronize:file_inherit/dir_inherit:allow
    #
Everything works fine until smb/server is restarted. After the restart the share disappears from the share list (smbutil view shows only c$, IPC$ and vss$). To bring it back I have to change the dataset folder permissions in such a way that local users can access it. For example:
- add read/exec permission for user:root
- add read/exec permission for everyone@
- create idmap record mapping root to domain admin
Is this correct behavior? What prevents smbd (running as root) from sharing the folder on start?
When the dataset is shared, I see that the file /tzk-data-01/.zfs/shares/tzk-data-01 is created with the following attributes:
    -rwxrwxrwx+ 1 root root 0 Nov 2 15:04 /tzk-data-01/.zfs/shares/tzk-data-01
        0:everyone@:read_data/write_data/append_data/read_xattr/write_xattr
            /execute/delete_child/read_attributes/write_attributes/delete
            /read_acl/write_acl/write_owner/synchronize:allow
When smbd is unable to share the dataset after the service restart, the file still exists. No ID mapping is done; "idmap list" is empty.
--
Dmitry Glushenok
Jet Infosystems