Embedded Files
This is an example guide on setting up sharing on a EON ZFS Storage CIFS server.
Pre-requisite(s): EON Install (All commands are run as user "root" unless otherwise specfied)
Schema
Schema
The schema here is user "andrel", group "stor", will transfer and own all the common area files (music, movies, pictures, etc). The group "stor" already exists (user admin is a part of this group) but feel free to create your own group schema. All other users will be able to access and view these files. They will not be allowed to modify or delete anything from the common area. They will have their personal home directory as a share to store their files. There will also be a public share that anyone can write to, but cannot modify or delete other user's public area files. Create a user name and user id table, similar to below, that you will use while following the guide.
user group user id group id home directoryandrel stor 550 500 zpool/users/andreljackc stor 552 500 zpool/users/jackcjoe stor 554 500 zpool/users/joeList disks available for ZPOOL creation.
echo | formatSearching for disks...doneAVAILABLE DISK SELECTIONS: 0. c1t0d0 <ATA-WDC WD2002FAEX-0-1D05-1.82TB> /pci@0,0/pci15d9,60a@1f,2/disk@0,0 1. c1t1d0 <ATA-WDC WD2002FAEX-0-1D05-1.82TB> /pci@0,0/pci15d9,60a@1f,2/disk@1,0Specify disk (enter its number): Specify disk (enter its number):ZPOOL & ZFS creation
ZPOOL & ZFS creation
For this guide, let's create a mirrored (RAID-1) ZPOOL named "abyss" using disks c1t0d0, c1t1d0. Here, you will create your RAID-Z, RAID-Z2, RAID-10 or zpool of preference. "casesensitivity" can only be set at creation time! It cannot be modified later! Other parameters listed below can be added/modified later. "casesensitivity=mixed" allows the file name matching algorithm used by the file system to be both "casesensitive" and "caseinsensitive" (allows a combination of both styles).
zpool create -O casesensitivity=mixed abyss mirror c1t0d0 c1t1d0Let's enable "aclinherit" to "passthrough-x" on ZPOOL "abyss". "passthrough" allows files created with 664 or 666 to be created, "passthrough-x" will additionally allow execute bit to be preserved. If you plan to use NFSv3, setting "aclmode" to match helps.
zfs set aclinherit=passthrough-x abyssLet's create a ZFS swap big enough for 4GB RAM (1xRAM). A ZFS swap is highly recommended for improved performance and stability. Here, I opted for an additional 1GB buffer and the "-b 4k" is optional but creates a 4096 byte per block filesystem.
zfs create -V 5G -b 4k abyss/swapCreate the parent directory for all user directories. This is where their personal share(s) will reside. The "-p" option creates all non-existent parent directories.
zfs create -o casesensitivity=mixed -p abyss/usersCreate the common area ZFS share filesystem named, "share". All users will be granted read/view permission to this area.
zfs create -o casesensitivity=mixed -o sharesmb=on abyss/shareOptional: Create the public ZFS share filesystem named, "public". Skip all commands for "public" if you do not need a public access share. To create a "public" share, include the "optional" labeled steps.
zfs create -o casesensitivity=mixed -o sharesmb=on abyss/publicSet the share name to "share". If you do not set the share name, this defaults to path_name(abyss_share). This is the share name that will be displayed on the client (Win, Mac, etc)
zfs set sharesmb=name=share abyss/shareOptional: Set the share name to "public".
zfs set sharesmb=name=public abyss/publicOptional: Enable "gzip-1" compression on the ZFS dataset "abyss/share", "abyss/public". Defaults to lzjb compression, which is slightly faster but offers less compression. Gzip-9 offers better compression but is slightly slower than gzip-1. Gzip-6 offers a nice balance of performance and compression. Gzip-9 will incur approximately a 5% cpu performance penalty.
zfs set compression=gzip-6 abyss/sharezfs set compression=gzip-6 abyss/publicEnable "aclinherit" to "passthrough-x" on ZFS dataset "abyss/share", "abyss,public. "aclinherit" controls how ACL entries are inherited when files and directories are created under this share. ( aclinherit options = discard | noallow | restricted | passthrough | passthrough-x ).
zfs set aclinherit=passthrough-x abyss/sharezfs set aclinherit=passthrough-x abyss/publicOther ZFS dataset parameters to consider: "aclmode=passthrough" indicates that no changes are made to the ACL other than generating the necessary ACL entries to represent the new mode of the file or directory. "aclmode" controls how an ACL is modified during chmod. ( aclmode options = discard | groupmask | passthrough ).
zfs set aclmode=passthrough zpool/datasetAllow snapshots to be visible for NFS users.
zfs set snapdir=visible zpool/datasetSetting directory modes and ACLs
Setting directory modes and ACLs
Set the mode on the ZPOOL "abyss".
chmod 777 /abyssOptional: Set the mode on ZFS dataset "abyss/public".
chmod 1777 /abyss/publicOptional: If a "public" folder is needed within the common area share "abyss/share". All users will be able to create and view files in the "public" folder but they will not be able to modify or delete other user's files or directories.
mkdir -p /abyss/share/publicchown root:sys publicchmod 1777 /abyss/publicSet the mode and ZFS ACLs (access control list) on the ZPOOL "abyss". You can copy and paste the following "chmod" command(s) into a executable script or directly into a SSH terminal session.
chmod A=\owner@:--------------:-------:deny,\owner@:rwxp---A-W-Co-:-------:allow,\group@:--------------:-------:deny,\group@:rwxp----------:-------:allow,\everyone@:-------A-W-Co-:-------:deny,\everyone@:rwxp--a-R-c--s:-------:allow \/abyssSet the ZFS ACLs for ZFS dataset abyss/share. You can copy and paste the following "chmod" command(s) directly into a SSH terminal session.
chmod -R A=\owner@:rwxpdDaARWcCos:fd-----:allow,\everyone@:r-x---a-R-c---:fd-----:allow,\owner@:--------------:-------:deny,\owner@:rwxp---A-W-Co-:-------:allow,\group@:-w-p----------:-------:deny,\group@:r-x-----------:-------:allow,\everyone@:-w-p---A-W-Co-:-------:deny,\everyone@:r-x---a-R-c--s:-------:allow \/abyss/shareOptional: Create common area share top level directories. This is an example directory structure to show what is shared in the common area.
cd /abyss/sharemkdir archive movies videos music images docs TV VM iso eon downloads uploads scripts
User creation and ownership
User creation and ownership
Create user "andrel", group "stor", uid "550", gid "500", comment "Johnny Cage", home directory/personal share "/abyss/users/andrel". Shell "/usr/bin/bash" means this user can login via SSH. Shell "/usr/bin/false" means the user is not allowed to log in via SSH. The useradd is ZFS capable and will create the "andrel" ZFS dataset in "/abyss/users". ZFS dataset "/abyss/users" was created above in the ZPOOL & ZFS creation section.
useradd -u 550 -g 500 -c "Johnny Cage" -d /abyss/users/andrel -m -k /etc/skel -s /usr/bin/bash andreluseradd -u 552 -g 500 -c "Jackie Chan" -d /abyss/users/jackc -m -k /etc/skel -s /usr/bin/false jackcuseradd -u 554 -g 500 -c "Joe SR20DETT" -d /abyss/users/joe -m -k /etc/skel -s /usr/bin/bash joeSet the recursive "R" ownership to user "andrel, 550:500" on ZFS dataset(s) "abyss/share", and "abyss/users/andrel". The "-h" switch includes symlink ownership. Note "550:500" is short hand equivalent to "andrel:stor" (refer to schema table at top of guide).
chown -hR 550:500 /abyss/sharechown -hR 550:500 /abyss/users/andrelSet proper ownership for other users.
chown -hR 552:500 /abyss/users/jackcchown -hR 554:500 /abyss/users/joeSet the share name on the user directories/personal shares created by useradd.
zfs set sharesmb=name=andrel abyss/users/andrelzfs set sharesmb=name=jackc abyss/users/jackczfs set sharesmb=name=joe abyss/users/joeSet passwords for the users created.
password andrelpassword jackcpassword joe Save user accounts
Save user accounts
The passwords for "root" and "admin" should also be changed from their defaults NOW, if they have not been changed already! Run updimg.sh to preserve the users and passwords just created.
updimg.sh /mnt/eon0/boot/x86.eonLogin as andrel (owner of all files as per schema above) via your client OS and begin loading the common area (movies, videos, music, pictures, etc) data. Happy storing.
solid . storeable . superb
EON, Storage for Life.
Page updated
Google Sites
Report abuse