cifs-shares are also exported via nfs without being configured therefor
1. create a dataset as cifs-share
2. set sharesmb=name=test (cifs should work now)
3. svcadm enable -r nfs/server
=> dfshares will show your cifs shares, because they are now also exported via nfs without any restrictions
=> every nfs capable client in your network is now able to bypass any restrictions on your shares
Updated by Rich Lowe about 10 years ago
The problem is sharemgr (or libshare, perhaps). When the nfs/server start method does 'sharemgr start -P nfs -a', it really does start sharing all shares on NFS. sharemgr seems convinced that something else is doing the "is this share appropriate to this protocol" check, but nothing that I can find is. libshare probably shouldn't, as from its point of view it's being asked to share 'foo' on NFS, and is just doing so. It seems that sharemgr should be where this is actually checked.
The most conservative place to check would be sa_enable_group before adding to worklist, less conservative places in descending order are enable_all_groups and enable_group, the latter may not actually catch every case.