Create home directories with the --inheritable-path-acl option

To perform most configuration tasks, you must log on as a member of the SecurityAdmin role. By default, an SMB share's directory path is created with a synthetic ACL based on mode bits. You can enable the --inheritable-path-acl option to use the inheritable ACL on all directories that are created, either at share creation time or for those dynamically provisioned when connecting to that share.

1. Run commands similar to the following examples to enable the --inheritable-path-acl option on the cluster to dynamically provision a user home directory at first connection to a share on the cluster:

   isi smb shares create HOMEDIR_ACL --path=/ifs/home/%U \
      --allow-variable-expansion=yes --auto-create-directory=yes \
      --inheritable-path-acl=yes

   isi smb shares permission modify HOMEDIR_ACL \
     --wellknown Everyone \
     --permission-type allow --permission full

2. Run a net use command, similar to the following example, on a Windows client to map the home directory for user411:

   net use q: \\cluster.company.com\HOMEDIR_ACL /u:user411

3. Run a command similar to the following example on the cluster to view the inherited ACL permissions for the user411 share:

   cd /ifs/home/user411
   ls -lde .

   The system displays output similar to the following example:

   drwx------ +  2 user411 Isilon Users 0 Oct 19 16:23 ./
    OWNER: user:user411
    GROUP: group:Isilon Users
    CONTROL:dacl_auto_inherited,dacl_protected
    0: user:user411 allow dir_gen_all,object_inherit,container_inherit