Files and directories on my ZFS file systems have got the following permissions:
- 600 for files
- 700 for directories
- No ACLs.
That's a pretty simple and intuitive setup. I share some private directories and only my user has got privileges on it. I also mapped with idmap the staff UNIX group, to which my user belongs, with the Windows' Administrators group. Given the permissions sets I'm using it's probably unnecessary, but I didn't like that ephemeral SID showing up in the Windows security tab.
Now, with this setup, when I try to open a MOV files with the QuickTime player, I've got the following error:
Error -43: A file could not be found
Moreover the QuickTime player process, after closing the error windows, remains there hanging around. That's not a big issue but you have to kill it if you want to open it again.
The first thing I checked was if the file is readable. Well, obviously it is. The file is readable and I can copy it in a local folder and launch it from there. It works. But that's not what I want to accomplish.
Second thing I noticed is that, if I use the File Open... feature of the QuickTime player, the error is different: it simply says I haven't got sufficient privileges to open the file. It turns out that, for strange reasons and only in some situations, the QuickTime player was requiring more permissions that I thought it was necessary. I succeeded opening the files only removing some of the special permissions associated with that file. Specifically, the execute file denial (for my user), and the read data and write data denial for the Administrators and the Everyone group. Really, really strange, indeed.