Creating a Permission-free Share with ZFS ACLs and NFSv4

The need came up to create a ZFS filesystem, shared over NFS, to Linux clients, with no permissions enforced. Much of the documentation out there is sparse, dated, confusing, or wrong. This post at least aims not to be wrong.

On the Nexenta/Solaris machine, for zpool ‘storage’:

zfs set aclinherit=passthrough storage/shared

zfs set sharenfs=on storage/shared

/usr/sun/bin/chmod A=everyone@:read_data/list_directory/write_data/add_file/append_data/add_subdirectory/read_xattr/write_xattr/execute/delete_child/read_attributes/write_attributes/delete/read_acl/write_acl/write_owner/synchronize:file_inherit/dir_inherit:allow /storage/shared

Now install idmapd on the Linux side and start it (the rpcidmapd service on Fedora/RHEL/CentOS; libidmap and the nfs service on SuSE), then mount the share with these options:

mount -t nfs4 -o rw,intr,hard,proto=tcp,port=2049,acl storage-server:storage/shared /mnt/shared

Alternatively, set up your automounter to use similar options. Now all users can do everything to the share.
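
An added example, not part of the original post: a small Python audit that parses ACEs in the verbose `chmod A=` syntax used above and flags entries that give everyone@ data-write or ACL-control rights, so a share opened this way can be found and reviewed later. The function names and finding labels are assumptions made for this example, and every sample ACE other than the post's own is constructed.

```python
# Added example: audit ZFS/NFSv4 ACEs written in the verbose `chmod A=` syntax.
SPECIAL = {"owner@", "group@", "everyone@"}
ACL_CONTROL = {"write_acl", "write_owner"}  # holder can rewrite the ACL or take ownership
DATA_WRITE = {"write_data", "add_file", "append_data", "add_subdirectory",
              "delete", "delete_child"}
PROPAGATES = {"file_inherit", "dir_inherit"}

# The ACE set by the post's chmod command.
PAGE_ACE = ("everyone@:read_data/list_directory/write_data/add_file/append_data/"
            "add_subdirectory/read_xattr/write_xattr/execute/delete_child/"
            "read_attributes/write_attributes/delete/read_acl/write_acl/"
            "write_owner/synchronize:file_inherit/dir_inherit:allow")

def parse_ace(spec):
    """Split 'who:perms[:inherit]:type'; who may also be user:NAME or group:NAME."""
    fields = spec.strip().split(":")
    if fields[0] in SPECIAL:
        who, rest = fields[0], fields[1:]
    elif fields[0] in ("user", "group") and len(fields) >= 4:
        who, rest = ":".join(fields[:2]), fields[2:]
    else:
        raise ValueError(f"unrecognised ACE principal: {spec!r}")
    if len(rest) not in (2, 3) or rest[-1] not in ("allow", "deny"):
        raise ValueError(f"malformed ACE: {spec!r}")
    inherit = rest[1] if len(rest) == 3 else ""
    return {"who": who, "type": rest[-1],
            "perms": {p for p in rest[0].split("/") if p},
            "inherit": {f for f in inherit.split("/") if f}}

def audit_ace(spec):
    """Return finding labels for an ACE that opens the path to every user."""
    ace = parse_ace(spec)
    if ace["who"] != "everyone@" or ace["type"] != "allow":
        return []
    findings = []
    if ace["perms"] & DATA_WRITE:
        findings.append("world-writable")
    if ace["perms"] & ACL_CONTROL:
        findings.append("world-acl-control")
    if findings and ace["inherit"] & PROPAGATES:
        findings.append("inherited-by-children")
    return findings

if __name__ == "__main__":
    # Constructed samples alongside the post's ACE.
    for spec in (PAGE_ACE, "everyone@:read_data/execute:allow",
                 "user:alice:write_data/write_acl:file_inherit:allow"):
        print(audit_ace(spec) or "ok", "<-", spec[:60])
```

The post's ACE triggers all three findings: because it includes write_acl and write_owner with inheritance, any user of the share can also change the ACL or ownership of anything created under it.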

Note: Comments are off until I get a better blog. Please e-mail me any corrections and I’ll add them.