[Samba] Samba and ACLs with XFS [WAS: Samba and RSBAC or LSM]
Greg Freemyer
freemyer at NorcrossGroup.com
Fri Aug 2 13:30:03 GMT 2002
>> XFS ACLs doesn't help me with my trouble, because it's only addition to
>> standard permissions. (Using only rwx permissions.)
>> I found some projects like RSBAC or LSM, that have fine grained EAs.
>> They have for example: READ, WRITE, DELETE, EXECUTE, MOUNT, TRUNCATE and
>> others.
>> But the point of my original question was if Samba supports this EAs
>> (from RSBAC or LSM or any other similar project), or only supports POSIX
>> ACLs.
>> Maybe this question should be posted to the technical list.
>> But thanks for your answers.
>> David.
David,
Feel free to post on the technical list. I for one am not an expert in this =
area, but I have done a lot of research on the topic of EAs/ACLs.
To the best of my knowledge, both the XFS and bestbits patched ext2/3 =
filesystems support a full range of arbitrary EAs. i.e. an EA is a simple name =
value pair and can be used for any purpose.
ACLs are a specific set of filesystem defined EAs that are used to enforce =
access rules.
I do NOT know if either filesystem will enforce any non-posix ACLs.
To the best of my knowledge, samba only supports Posix ACLs.
If I were you, I would ask on the bestbits mailing list if either filesystem =
will support the non-posix ACLs you want. FYI: bestbits now supports the =
userland tools for EAs and ACLs for both the patched ext2/3 and xfs =
filesystems. (SGI no longer has any support for user-land EA/ACL tools, =
instead they maintain compatibility with the bestbit tools.)
Regardless of the underlying filesystems support for non-posix ACLs, your apps =
will still NOT be able to set them because Samba does not support them.
If the bestbits people are providing the appropriate tools and the underlying =
filesystem will enforce them, you could still set the non-posix ACLs on the =
backside manually.
I have never worked with non-posix ACLs behind Samba, so I cannot tell you how =
well/poorly it will work.
Greg Freemyer
Internet Engineer
Deployment and Integration Specialist
Compaq ASE - Tru64 v4, v5
Compaq Master ASE - SAN Architect
The Norcross Group
www.NorcrossGroup.com
More information about the samba
mailing list