Oracle ZFS Storage appliance: How to configure SMB share level ACLs via REST API?


I am developing a script which uses the REST API for an Oracle ZFS Storage appliance ("ZS3"). The script uses the API to make a snapshot and clone of a production environment for use as a temporary test environment. So far everything is great... except I can find no way to specify the "Share Level ACL" settings for the SMB protocol.

A manual (via web UI) clone results in a default ACL of "everyone, full access". The ACL for the original share (source for the snapshot/clone) has a specific user list with specific ACLs. I assume that this information is not in the ZFS snapshot, but maintained outside of ZFS, hence it is not present in the clone (Q: Is this correct?).

I've re-read the Oracle document "E56084.pdf" ("Oracle ZFS Storage Appliance RESTful API Guide, Release 2013.1.4.0") a few times. There are vague references to the "sharesmb" property, and nothing else related to SMB or ACLs. My script correctly sets the "sharesmb" value (used to enable SMB sharing) to "sharesmb=SHARENAME,abe=off,dfsroot=false" in the JSON payload passed to the API for creating a file system clone. However, I see no property that I can set for the actual ACL list. For NFS, this is easy: it is the value passed in the "sharenfs" property.

The result of a "GET" of the source project and share do not contain any reference to the users listed in the "SMB Share Level ACL" as seen in the web UI.

So, how do I copy over, or explicitly set if necessary, the "SMB Share Level ACLs" on a share via the REST API?

Thanks!

Answer by user121391:

The system has two different kinds of ACLs and both are stored inside your datasets:

  1. ACLs on all files and directories (let's call them file ACLs): These are used for general Unix access and also are active when sharing the filesystem. They are stored with each file or directory (use /usr/bin/ls -V /pool/filesystem/yourFile or /usr/bin/ls -Vd /pool/filesystem/yourDir to see them).
  2. ACLs on filesystems shared via SMB/CIFS protocol (let's call them share ACLs): These are only used when sharing the filesystem and can only be set for the whole filesystem, not individual files inside. Use /usr/bin/ls -V /pool/filesystem/.zfs/shares/yourShareName to see them.

Unfortunately I do not know how to do that over the REST API, but at least you know where your ACLs should end up.
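
Added example (not part of the original answer): a small audit that parses the output of the ls -V command mentioned above for a source share and its clone, flags the "everyone, full access" default described in the question, and lists the source entries the clone lacks. It assumes the Solaris compact ACL form who:permissions:inheritance:type; the sample output, pool, share and user names are constructed.

```python
import re

FULL = frozenset("rwxpdDaARWcCos")  # all 14 permission letters of the compact form
ACE_RE = re.compile(
    r"^\s*(\S+):([rwxpdDaARWcCos-]{14}):([A-Za-z-]+):(allow|deny)\s*$")

# Constructed samples of `/usr/bin/ls -V /pool/fs/.zfs/shares/<name>`;
# every path and principal below is hypothetical.
SOURCE = """\
-rwxrwxrwx+  1 root     root           0 Jan 10 09:12 /pool/prod/.zfs/shares/PROD
        user:appsvc:rwxpdDaARWcCos:-------:allow
      group:finance:r-x---a-R-c--s:-------:allow
"""
CLONE = """\
-rwxrwxrwx   1 root     root           0 Jan 11 02:00 /pool/test/.zfs/shares/TEST
         everyone@:rwxpdDaARWcCos:-------:allow
"""

def parse_aces(ls_output):
    """Return (who, permission set, inheritance flags, type) for each ACE line."""
    aces = []
    for line in ls_output.splitlines():
        m = ACE_RE.match(line)  # the ls -l style header line does not match
        if m:
            who, perms, inherit, kind = m.groups()
            # 'who' may contain ':' (user:name); the greedy \S+ keeps it whole.
            aces.append((who, frozenset(perms.replace("-", "")), inherit, kind))
    return aces

def wide_open(aces):
    """ACEs that allow everyone@ the full permission set."""
    return [a for a in aces
            if a[0] == "everyone@" and a[3] == "allow" and a[1] == FULL]

def missing_in_clone(source_aces, clone_aces):
    """ACEs present on the source share but absent from the clone."""
    return [a for a in source_aces if a not in clone_aces]

if __name__ == "__main__":
    src, dst = parse_aces(SOURCE), parse_aces(CLONE)
    for who, perms, inherit, kind in wide_open(dst):
        print(f"clone share is wide open: {who} {kind} full access")
    for who, perms, inherit, kind in missing_in_clone(src, dst):
        print(f"not carried over: {who} {kind} {''.join(sorted(perms))}")
```
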