Skip to content

Commit 1980cc6

Browse files
wblockwblock
committed
Clarify permission usage.
Ticket: #11390
1 parent 39a75b1 commit 1980cc6

File tree

1 file changed

+18
-18
lines changed

1 file changed

+18
-18
lines changed

userguide/storage.rst

Lines changed: 18 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -512,24 +512,24 @@ summarizes the options in this screen.
512512
boxes :guilabel:`Apply Owner (user)` and :guilabel:`Apply Mode`.
513513

514514

515-
If a mix of operating systems or clients will be accessing the
516-
volume/dataset using a non-SMB share, select the *Unix*
517-
:guilabel:`Permission Type`, as all clients understand them.
518-
519-
The *Windows* :guilabel:`Permission Type` augments traditional *Unix*
520-
permissions with ACLs. Use the *Windows* :guilabel:`Permission Type`
521-
for SMB shares or when the %brand% system is a member of an Active
522-
Directory domain.
523-
524-
If you change your mind about the :guilabel:`Permission Type`, it is
525-
not necessary to recreate the volume/dataset, as existing data is not
526-
lost. However, changing from *Windows* to *Unix* or *Mac* will remove
527-
the extended permissions provided by ACLs from existing files.
528-
529-
When the *Windows* :guilabel:`Permission Type` is set, the ACLs are
530-
set to what Windows sets on new files and directories by default. The
531-
Windows client should then be used to fine-tune the permissions as
532-
required.
515+
The *Windows* :guilabel:`Permission Type` is used for SMB shares or when
516+
the %brand% system is a member of an Active Directory domain. This adds
517+
ACLs to traditional *Unix* permissions. When the *Windows*
518+
:guilabel:`Permission Type` is set, ACLs are set to Windows defaults
519+
for new files and directories. A Windows client can be used to further
520+
fine-tune permissions as needed.
521+
522+
The *Unix* :guilabel:`Permission Type` is usually used with NFS shares.
523+
These permissions are compatible with most network clients and generally
524+
work well with a mix of operating systems or clients. However, *Unix*
525+
permissions do not support Windows ACLs and should not be used with SMB
526+
shares.
527+
528+
The *Mac* :guilabel:`Permission Type` is used with AFP shares.
529+
530+
After a volume or dataset has been set to *Windows*, it cannot be
531+
changed to *Unix* permissions because that would remove extended
532+
permissions provided by *Windows* ACLs.
533533

534534

535535
.. index:: Create Dataset

0 commit comments

Comments
 (0)