Create home directories with the --inheritable-path-acl option

You can enable the --inheritable-path-acl option on a share so that the share path inherits its ACL from the parent directory when the parent directory has an inheritable ACL.

Before you begin

To perform most configuration tasks, you must log on as a member of the SecurityAdmin role.

About this task

By default, an SMB share's directory path is created with a synthetic ACL based on mode bits. You can enable the --inheritable-path-acl option so that the inheritable ACL is applied to every directory that is created, whether at share creation time or dynamically provisioned when a user connects to that share.

Procedure

  1. Run commands similar to the following examples to enable the --inheritable-path-acl option on the cluster to dynamically provision a user home directory at first connection to a share on the cluster:
    isi smb shares create HOMEDIR_ACL --path=/ifs/home/%U \
       --allow-variable-expansion=yes --auto-create-directory=yes \
       --inheritable-path-acl=yes
    isi smb shares permission modify HOMEDIR_ACL \
      --wellknown Everyone \
      --permission-type allow --permission full
  2. Run a net use command, similar to the following example, on a Windows client to map the home directory for user411:
    net use q: \\cluster.company.com\HOMEDIR_ACL /u:user411
  3. Run a command similar to the following example on the cluster to view the inherited ACL permissions for the user411 share:
    cd /ifs/home/user411
    ls -lde .
    The system displays output similar to the following example:
    drwx------ +  2 user411 Isilon Users 0 Oct 19 16:23 ./
     OWNER: user:user411
     GROUP: group:Isilon Users
     CONTROL:dacl_auto_inherited,dacl_protected
     0: user:user411 allow dir_gen_all,object_inherit,container_inherit
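
The following script is an added example, not part of the OneFS documentation: it parses ls -lde output in the format shown in step 3 and reports any home directory whose ACL deviates from an owner-only inherited ACL. This check matters because the share permission in step 1 allows Everyone at the share level, so the directory ACL is what limits access. The function name audit_home_acl, the owner-only policy, and the second sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Policy assumed here: only the owner may hold an allow ACE.
# Usage on the cluster: ls -lde /ifs/home/user411 | audit_home_acl user411
audit_home_acl() {
    awk -v user="$1" '
        function finding(msg) { print "FINDING: " msg; bad++ }
        $1 == "OWNER:" { owner = $2 }
        /^[ \t]*CONTROL:/ { control = $0; sub(/^[ \t]*CONTROL:[ \t]*/, "", control) }
        /^[ \t]*[0-9]+:/ {
            # ACE line: "<index>: <trustee> <allow|deny> <rights>"; trustee may contain spaces
            ace = $0; sub(/^[ \t]*[0-9]+:[ \t]*/, "", ace)
            if (!match(ace, / (allow|deny) /)) next
            trustee = substr(ace, 1, RSTART - 1)
            type    = substr(ace, RSTART + 1, RLENGTH - 2)
            rights  = substr(ace, RSTART + RLENGTH)
            if (type == "allow" && trustee == "user:" user) owner_aces++
            else if (type == "allow") finding("allow ACE for " trustee ": " rights)
        }
        END {
            if (owner != "user:" user) finding("owner is " owner ", expected user:" user)
            # The expected output in step 3 carries this flag on the inherited ACL.
            if (("," control ",") !~ /,dacl_auto_inherited,/) finding("CONTROL lacks dacl_auto_inherited")
            if (!owner_aces) finding("no allow ACE for user:" user)
            if (!bad) print "OK: owner-only inherited ACL for " user
            exit (bad ? 1 : 0)
        }'
}

# Output shown in step 3 of the procedure.
PAGE_SAMPLE='drwx------ +  2 user411 Isilon Users 0 Oct 19 16:23 ./
 OWNER: user:user411
 GROUP: group:Isilon Users
 CONTROL:dacl_auto_inherited,dacl_protected
 0: user:user411 allow dir_gen_all,object_inherit,container_inherit'

# Constructed sample: the same directory with an extra ACE for a broad group.
BROAD_SAMPLE='drwxrwx--- +  2 user411 Isilon Users 0 Oct 19 16:23 ./
 OWNER: user:user411
 GROUP: group:Isilon Users
 CONTROL:dacl_auto_inherited
 0: user:user411 allow dir_gen_all,object_inherit,container_inherit
 1: group:Isilon Users allow dir_gen_read,dir_gen_execute'

printf '%s\n' "$PAGE_SAMPLE"  | audit_home_acl user411
printf '%s\n' "$BROAD_SAMPLE" | audit_home_acl user411 || echo "review required"
```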