From 82790392a3dad592a6740f555fe4a35e3aef0ce0 Mon Sep 17 00:00:00 2001
From: Sven Gothel <sgothel@jausoft.com>
Date: Thu, 15 Aug 2019 18:50:36 +0200
Subject: Add (default) ACL setup, which is now required for nfs4 at least

---
 README.txt           | 13 ++++++++++++-
 scripts/acl-setup.sh | 12 ++++++++++++
 scripts/s01.sh       |  9 ++++++++-
 3 files changed, 32 insertions(+), 2 deletions(-)
 create mode 100644 scripts/acl-setup.sh

diff --git a/README.txt b/README.txt
index 5da92ad..41dc1cc 100644
--- a/README.txt
+++ b/README.txt
@@ -102,6 +102,8 @@ zfs set dedup=off $POOL
 zfs set compression=off $POOL
 zfs set atime=off $POOL
 zfs set mountpoint=none $POOL
+zfs set acltype=posixacl $POOL
+zfs set xattr=sa $POOL
 
 # Create Dataset System Root 
 zfs create -o mountpoint=none $POOL/system
@@ -126,7 +128,8 @@ zfs create -o mountpoint=/usr/local/projects -o compression=lz4 $POOL/projects
 
 #3.4 Prepare ROOT
 
-mkdir -p /mnt
+## /mnt already must exist as the just created zfs fs
+##mkdir -p /mnt
 
 (cd /mnt && \
  tar --xattrs -xapf $STRAPBALL
@@ -317,6 +320,14 @@ reboot
 apt-get update
 apt-get dist-upgrade --yes
 
+# squeeze in some default ACLs for new files and directories
+setfacl -d --set u::rwx,g::rwx,o::r-x /data
+setfacl -d --set u::rwx,g::r-x,o::r-x /usr/local/projects
+setfacl -d --set u::rwx,g::rwx,o::r-x /srv
+setfacl -d --set u::rwx,g::r-x,o::--- /backup
+setfacl -d --set u::rwx,g::r-x,o::--- /home
+setfacl -d --set u::rwx,g::r-x,o::--- /root
+
 #8.2 Optional: Disable log compression:
 #
 # <s04.sh start>
diff --git a/scripts/acl-setup.sh b/scripts/acl-setup.sh
new file mode 100644
index 0000000..c2ed483
--- /dev/null
+++ b/scripts/acl-setup.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+#zfs set acltype=posixacl $POOL
+#zfs set xattr=sa $POOL
+
+setfacl -d --set u::rwx,g::rwx,o::r-x /data 
+setfacl -d --set u::rwx,g::r-x,o::r-x /usr/local/projects
+setfacl -d --set u::rwx,g::rwx,o::r-x /srv
+setfacl -d --set u::rwx,g::r-x,o::--- /backup
+setfacl -d --set u::rwx,g::r-x,o::--- /home
+setfacl -d --set u::rwx,g::r-x,o::--- /root
+
diff --git a/scripts/s01.sh b/scripts/s01.sh
index 9dcdd94..5c64afb 100644
--- a/scripts/s01.sh
+++ b/scripts/s01.sh
@@ -54,6 +54,8 @@ zfs set dedup=off $POOL
 zfs set compression=off $POOL
 zfs set atime=off $POOL
 zfs set mountpoint=none $POOL
+zfs set acltype=posixacl $POOL
+zfs set xattr=sa $POOL
 
 # Create Dataset System Root 
 zfs create -o mountpoint=none $POOL/system
@@ -72,11 +74,16 @@ zfs create -o mountpoint=/data $POOL/data
 zfs create -o mountpoint=/srv $POOL/services
 zfs create -o mountpoint=/usr/local/projects -o compression=lz4 $POOL/projects
 
+## Export / Import ( '-d ..' also changes the dev names )
+##zpool export $POOL
+##zpool import -d /dev/disk/by-id -R /mnt $POOL
+
 ##
 ## Prepare ROOT
 ##
 
-mkdir -p /mnt
+## /mnt already must exist as the just created zfs fs
+##mkdir -p /mnt
 
 (cd /mnt && \
  tar --xattrs -xapf $STRAPBALL
-- 
cgit v1.2.3