Reset ACLs in NFS4/ZFS network share

The simple answer is that to mirror something takes almost no processing power - it just writes to the disk a second time. For RAID-Z2, you have to compute an entirely new parity block, which although small CAN bog down the CPU when you have to write large amounts of data quickly.

Mirroring is always the preferred solution for high-speed data, if it's just bulk-storage without fast write speeds, RAID-Z2 is a good alternative that does allow any two drives to die as you allude to.

The other advantage is that mirrored pools can be expanded with more mirrored devices - while a RAID-Z2 can not be expanded - though more RAID-Z2 storage can be added to the pool, it will be two RAID-Z2 storage pools concatenated (in effect) rather than equally split between all the storage and striped.

Well, whether you use traditional POSIX permissions or ACLs, you'll be using chmod on Solaris. I would suggest you use ACLs in this case. You'll have to apply the ACL separately to each file system in the tank storage pool. I suggest setting the aclmode and aclinherit properties of each filesystem to passthrough as well.

I think it's preferable to set the ACLs on the Solaris side of things instead of doing it through windows.

Basically it would look something like:

chmod -R A=\
group:suDevelopers:full_set,\
group:sysadmins:full_set,\
/tank/projects

chmod -R A=\
group:suDevelopers:full_set:allow,\
group:suStaff:full_set:allow,\
group:suContractors:full_set:allow
/tank/storage

chmod -R A=everyone@:full_set:allow /tank/sandbox

and etc as necessary. You can also use read_set for read-only permissions.

There's a lot of other ways you can cut things with ACLs, they're an extremely powerful system on Solaris. You can read man chmod and man zfs for details.

There's also this article which gives some further examples.

Also make sure you are using /usr/bin/chmod instead of /usr/gnu/bin/chmod which I believe is the default.