CIFS Server Howto

This is an example guide on setting up sharing on an EON ZFS Storage CIFS server.

Prerequisite(s): EON Install (all commands are run as user "root" unless otherwise specified)

Schema

The schema here is that user "andrel", group "stor", will transfer and own all the common area files (music, movies, pictures, etc.). The group "stor" already exists (user admin is a part of this group), but feel free to create your own group schema. All other users will be able to access and view these files, but they will not be allowed to modify or delete anything in the common area. Each user will have a personal home directory as a share to store their files. There will also be a public share that anyone can write to, but users cannot modify or delete other users' files in the public area. Create a user name and user id table, similar to the one below, to use while following the guide.

user    group   user id     group id        home directory
andrel  stor    550         500             zpool/users/andrel
jackc   stor    552         500             zpool/users/jackc
joe     stor    554         500             zpool/users/joe

List disks available for ZPOOL creation.

echo | format
Searching for disks...done
AVAILABLE DISK SELECTIONS:
       0. c1t0d0 <ATA-WDC WD2002FAEX-0-1D05-1.82TB>
          /pci@0,0/pci15d9,60a@1f,2/disk@0,0
       1. c1t1d0 <ATA-WDC WD2002FAEX-0-1D05-1.82TB>
          /pci@0,0/pci15d9,60a@1f,2/disk@1,0
Specify disk (enter its number): Specify disk (enter its number):

ZPOOL & ZFS creation

For this guide, let's create a mirrored (RAID-1) ZPOOL named "abyss" using disks c1t0d0 and c1t1d0. This is the step where you would instead create your RAID-Z, RAID-Z2, RAID-10 or other zpool of preference. "casesensitivity" can only be set at creation time! It cannot be modified later! The other parameters listed below can be added or modified later. "casesensitivity=mixed" allows the file name matching algorithm used by the file system to be both "casesensitive" and "caseinsensitive" (allows a combination of both styles).

zpool create -O casesensitivity=mixed abyss mirror c1t0d0 c1t1d0

Let's set "aclinherit" to "passthrough-x" on ZPOOL "abyss". "passthrough" allows files to be created with mode 664 or 666; "passthrough-x" additionally allows the execute bit to be preserved. If you plan to use NFSv3, setting "aclmode" to match helps.

zfs set aclinherit=passthrough-x abyss

Let's create a ZFS swap big enough for 4GB RAM (1xRAM). A ZFS swap is highly recommended for improved performance and stability. Here, I opted for an additional 1GB buffer and the "-b 4k" is optional but creates a 4096 byte per block filesystem.

zfs create -V 5G -b 4k abyss/swap

Create the parent directory for all user directories. This is where their personal share(s) will reside. The "-p" option creates all non-existent parent directories.

zfs create -o casesensitivity=mixed -p abyss/users

Create the common area ZFS share filesystem named "share". All users will be granted read/view permission to this area.

zfs create -o casesensitivity=mixed -o sharesmb=on abyss/share

Optional: Create the public ZFS share filesystem named "public". Skip all commands for "public" if you do not need a public access share. To create a "public" share, include the steps labeled "Optional".

zfs create -o casesensitivity=mixed -o sharesmb=on abyss/public

Set the share name to "share". If you do not set the share name, it defaults to the dataset path name (abyss_share). This is the share name that will be displayed on the client (Win, Mac, etc.).

zfs set sharesmb=name=share abyss/share

Optional: Set the share name to "public".

zfs set sharesmb=name=public abyss/public

Optional: Enable gzip compression on the ZFS datasets "abyss/share" and "abyss/public" (the commands below use gzip-6). Defaults to lzjb compression, which is slightly faster but offers less compression. Gzip-9 offers better compression but is slightly slower than gzip-1. Gzip-6 offers a nice balance of performance and compression. Gzip-9 will incur approximately a 5% CPU performance penalty.

zfs set compression=gzip-6 abyss/share
zfs set compression=gzip-6 abyss/public

Set "aclinherit" to "passthrough-x" on ZFS datasets "abyss/share" and "abyss/public". "aclinherit" controls how ACL entries are inherited when files and directories are created under this share. ( aclinherit options = discard | noallow | restricted | passthrough | passthrough-x ).

zfs set aclinherit=passthrough-x abyss/share
zfs set aclinherit=passthrough-x abyss/public

Other ZFS dataset parameters to consider: "aclmode=passthrough" indicates that no changes are made to the ACL other than generating the necessary ACL entries to represent the new mode of the file or directory. "aclmode" controls how an ACL is modified during chmod. ( aclmode options = discard | groupmask | passthrough ).

zfs set aclmode=passthrough zpool/dataset

Allow snapshots to be visible for NFS users.

zfs set snapdir=visible zpool/dataset

Setting directory modes and ACLs

Set the mode on the ZPOOL "abyss".

chmod 777 /abyss

Optional: Set the mode on ZFS dataset "abyss/public".

chmod 1777 /abyss/public

Optional: Use these commands if a "public" folder is needed within the common area share "abyss/share". All users will be able to create and view files in the "public" folder, but they will not be able to modify or delete other users' files or directories.

mkdir -p /abyss/share/public
chown root:sys /abyss/share/public
chmod 1777 /abyss/share/public

Set the mode and ZFS ACLs (access control lists) on the ZPOOL "abyss". You can copy and paste the following "chmod" command(s) into an executable script or directly into an SSH terminal session.

chmod A=\
owner@:--------------:-------:deny,\
owner@:rwxp---A-W-Co-:-------:allow,\
group@:--------------:-------:deny,\
group@:rwxp----------:-------:allow,\
everyone@:-------A-W-Co-:-------:deny,\
everyone@:rwxp--a-R-c--s:-------:allow \
/abyss

Set the ZFS ACLs for ZFS dataset abyss/share. You can copy and paste the following "chmod" command(s) directly into an SSH terminal session.

chmod -R A=\
owner@:rwxpdDaARWcCos:fd-----:allow,\
everyone@:r-x---a-R-c---:fd-----:allow,\
owner@:--------------:-------:deny,\
owner@:rwxp---A-W-Co-:-------:allow,\
group@:-w-p----------:-------:deny,\
group@:r-x-----------:-------:allow,\
everyone@:-w-p---A-W-Co-:-------:deny,\
everyone@:r-x---a-R-c--s:-------:allow \
/abyss/share
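
Added example (not part of the original guide): a small POSIX shell walk of the two ACLs above, showing which requester ends up with read, write or delete. The function names and the owner/group/other labels are assumptions made for this sketch; the ACL strings are the guide's own entries joined onto one line.

```sh
#!/bin/sh
# Added example: walk a compact ZFS/NFSv4 ACL top to bottom, the order in
# which access checks read it, and report what one permission resolves to.
POOL_ACL='owner@:--------------:-------:deny,owner@:rwxp---A-W-Co-:-------:allow,group@:--------------:-------:deny,group@:rwxp----------:-------:allow,everyone@:-------A-W-Co-:-------:deny,everyone@:rwxp--a-R-c--s:-------:allow'
SHARE_ACL='owner@:rwxpdDaARWcCos:fd-----:allow,everyone@:r-x---a-R-c---:fd-----:allow,owner@:--------------:-------:deny,owner@:rwxp---A-W-Co-:-------:allow,group@:-w-p----------:-------:deny,group@:r-x-----------:-------:allow,everyone@:-w-p---A-W-Co-:-------:deny,everyone@:r-x---a-R-c--s:-------:allow'

# acl_check ACL CLASS PERM -> prints "allow" or "deny"
#   CLASS (assumed labels): owner | group (non-owner member) | other
#   PERM: one compact letter such as r, w, x, p, d, D (case matters)
acl_check() {
    acl=$1; class=$2; perm=$3
    old_ifs=$IFS; IFS=','
    set -- $acl             # split the ACL into one ACE per argument
    IFS=$old_ifs
    for ace in "$@"; do
        who=${ace%%:*};    rest=${ace#*:}
        mask=${rest%%:*};  rest=${rest#*:}
        flags=${rest%%:*}; type=${rest#*:}
        # an inherit-only ACE (flag i) does not apply to the object itself
        case $flags in *i*) continue ;; esac
        # keep only ACEs whose subject covers this requester
        case "$class/$who" in
            owner/owner@|group/group@|*/everyone@) ;;
            *) continue ;;
        esac
        # the first applicable ACE that names PERM decides the outcome
        case $mask in *"$perm"*) echo "$type"; return 0 ;; esac
    done
    echo deny               # never granted, so access is refused
}

# acl_report ACL -> one line per requester class for r, w and d
acl_report() {
    for c in owner group other; do
        echo "$c r=$(acl_check "$1" "$c" r) w=$(acl_check "$1" "$c" w) d=$(acl_check "$1" "$c" d)"
    done
}

acl_report "$SHARE_ACL"
```

Deletion is also governed by the containing directory's ACL (delete_child, D), which this single-ACL walk does not model.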

Optional: Create common area share top level directories. This is an example directory structure to show what is shared in the common area.

cd /abyss/share
mkdir archive movies videos music images docs TV VM iso eon downloads uploads scripts

User creation and ownership

Create user "andrel", group "stor", uid "550", gid "500", comment "Johnny Cage", home directory/personal share "/abyss/users/andrel". Shell "/usr/bin/bash" means this user can log in via SSH. Shell "/usr/bin/false" means the user is not allowed to log in via SSH. useradd is ZFS-capable and will create the "andrel" ZFS dataset in "/abyss/users". ZFS dataset "/abyss/users" was created above in the ZPOOL & ZFS creation section.

useradd -u 550 -g 500 -c "Johnny Cage" -d /abyss/users/andrel -m -k /etc/skel -s /usr/bin/bash andrel
useradd -u 552 -g 500 -c "Jackie Chan" -d /abyss/users/jackc -m -k /etc/skel -s /usr/bin/false jackc
useradd -u 554 -g 500 -c "Joe SR20DETT" -d /abyss/users/joe -m -k /etc/skel -s /usr/bin/bash joe

Recursively ("-R") set ownership to user "andrel" (550:500) on ZFS dataset(s) "abyss/share" and "abyss/users/andrel". The "-h" switch includes symlink ownership. Note that "550:500" is shorthand for "andrel:stor" (refer to the schema table at the top of the guide).

chown -hR 550:500 /abyss/share
chown -hR 550:500 /abyss/users/andrel

Set proper ownership for other users.

chown -hR 552:500 /abyss/users/jackc
chown -hR 554:500 /abyss/users/joe

Set the share name on the user directories/personal shares created by useradd.

zfs set sharesmb=name=andrel abyss/users/andrel
zfs set sharesmb=name=jackc  abyss/users/jackc
zfs set sharesmb=name=joe    abyss/users/joe

Set passwords for the users created.

passwd andrel
passwd jackc
passwd joe

Save user accounts

The passwords for "root" and "admin" should also be changed from their defaults NOW, if they have not been changed already! Run updimg.sh to preserve the users and passwords just created.

updimg.sh /mnt/eon0/boot/x86.eon

Log in as andrel (owner of all files as per the schema above) via your client OS and begin loading the common area (movies, videos, music, pictures, etc.) data. Happy storing.
