Sharing a ZFS filesystem with ACLs to OSX clients

Teo de Hesselle

Jul 11, 2011 • 1 min read

_The statements and opinions expressed here are my own_

_ and do not necessarily represent those of Oracle Corporation._

_Systems used in this article: Solaris 11 express, OSX 10.7 Lion_

ZFS provides useful NFSv4 ACLs, which are shared over the network when NFSv4 is used.

... however OSX's NFS client by default uses NFSv3 and does not use ACLs. In addition, the finder seems to use the old-style user-group-other permissions.

I have set up the same user IDs on both the OSX side and the solaris side.

Workaround: when mounting, force the use of the NFSv4 protocol, and enable the use of ACLs (on 10.7 "Lion" only).

On OSX, mount the remote filesystem:

# mount -o nfsvers=4,acl server:/path/to/filesys /Volumes/filesys

Then test the ACLs are visible (and correct!) using: # ls -le /Volumes/filesys/path/to/file

This would be tedious to do on each reboot, so you can add this to OSX's automounter. As of 10.6 (leopard), there is a GUI for this within 'Disk Utility'. You can also specify the options here.

I have several automounts set up, and then I use finder's sidebar to easily access these filesystems.

Lastly, the finder doesn't seem to like directories which don't have happy user-group-other permissions. You can work around this by changing 'acl' to 'aclonly' -- this will make all files appear as mode '777', with the client verifying ACL permissions and the server also enforcing the permissions.