Programmer Thoughts

By John Dickinson

Network Shares

May 02, 2009

After setting up ZFS, I need to set up network shares and connect them to our home computers.

I originally chose NFS because of its simplicity to set up.

zfs set sharenfs=on tank/Media
zfs set sharenfs=on tank/twiddle
zfs set sharenfs=on tank/backups

That’s it for the OpenSolaris side of things. The only thing left to do is connect these NFS shares to my Mac. This is a simple task. Although I could mount them like any other server, I instead chose to use the automount facility provided by Directory Services (Note: this feature has changed in Snow Leopard). This way, the share is mounted when it is needed—a helpful tool when I am using a share for my iTunes music.

Directory Utility showing two NFS shares to be automounted

One big disadvantage of NFS, though, is that it shares based on user id: the server trusts the numeric id the client presents. That is, user id number 1000 on the client will connect as user id 1000 on the NFS server. The practical implication is that each client computer should have unique user ids. Unfortunately, without a common user management system like NIS or LDAP, managing unique users across independent clients very quickly becomes tedious.

One alternative to NFS is to use CIFS/SMB. CIFS/SMB is normally used to make shares accessible to Windows computers, but it can also be used when one needs to maintain separate user accounts on server and client machines. In my case, I have two OS X computers, each with the primary user account #501. In this case, I can set up two user accounts on the file server and use SMB to access them from the Macs.

Setting up CIFS/SMB is not terribly complicated, but it does require installing a couple of packages.

pkg install SUNWsmbs SUNWsmbskr

Next, enable the smb server:

svcadm enable -r network/smb/server

And finally, set the ZFS mount to use smb:

zfs set sharesmb=name=Media tank/Media
zfs set sharesmb=name=twiddle tank/twiddle

At this point I could connect to the shares from my Mac via SMB, but I noticed that newly created files had no permissions. The solution was to set up ACLs on the file server.

/bin/chmod -R A=owner@:full_set:d:allow,\
owner@:full_set:f:allow,\
everyone@:rxaARWcs:d:allow,\
everyone@:raARWcs:f:allow \
/tank/Media /tank/twiddle

This simply sets an ACL that allows the owner full access and gives read access to everyone else. Note that this command uses /bin/chmod, and not the OpenSolaris default of /usr/gnu/bin/chmod. For more details on ACLs, see the excellent posts at Daz’s bits and bobs.

On the file server, I have two users (john_remote and karen_remote), both members of the same group (remote), that I use for SMB sharing. I changed the ownership and group of the files that are shared on the file server, and I can now connect from the Macs with no problem. Thinking longer term, the SMB shares have the further advantage of still being usable as computers are added or replaced. The key is just the user id and password.

Note: I did have some problems getting smb to start after a reboot. The code below fixed it.

# svcadm disable network/smb/server
# rem_drv smbsrv
Invalid argument
Cannot remove major number binding for 260
# add_drv smbsrv
# svcadm enable -r network/smb/server
# svcs | grep smb
online 20:59:18 svc:/network/smb/server:default
#

This work is licensed under a Creative Commons Attribution 3.0 Unported License.

The thoughts expressed here are my own and do not necessarily represent those of my employer.