[Samba] Samba and ACLs with XFS [WAS: Samba and RSBAC or LSM]

Greg Freemyer freemyer at NorcrossGroup.com
Fri Aug 2 13:30:03 GMT 2002 

 >>  XFS ACLs doesn't help me with my trouble, because it's only addition to
 >>  standard permissions. (Using only rwx permissions.)

 >>  I found some projects like RSBAC or LSM, that have fine grained EAs.
 >>  They have for example: READ, WRITE, DELETE, EXECUTE, MOUNT, TRUNCATE and
 >>  others.

 >>  But the point of my original question was if Samba supports this EAs
 >>  (from RSBAC or LSM or any other similar project), or only supports POSIX
 >>  ACLs.

 >>  Maybe this question should be posted to the technical list.

 >>  But thanks for your answers.

 >>  David.

David,

Feel free to post on the technical list.  I for one am not an expert in this =
area, but I have done a lot of research on the topic of EAs/ACLs.

To the best of my knowledge, both the XFS and bestbits patched ext2/3 =
filesystems support a full range of arbitrary EAs.  i.e. an EA is a simple name =
value pair and can be used for any purpose.

ACLs are a specific set of filesystem defined EAs that are used to enforce =
access rules.

I do NOT know if either filesystem will enforce any non-posix ACLs.

To the best of my knowledge, samba only supports Posix ACLs.

If I were you, I would ask on the bestbits mailing list if either filesystem =
will support the non-posix ACLs you want.  FYI: bestbits now supports the =
userland tools for EAs and ACLs for both the patched ext2/3 and xfs =
filesystems.  (SGI no longer has any support for user-land EA/ACL tools, =
instead they maintain compatibility with the bestbit tools.)

Regardless of the underlying filesystems support for non-posix ACLs, your apps =
will still NOT be able to set them because Samba does not support them.

If the bestbits people are providing the appropriate tools and the underlying =
filesystem will enforce them, you could still set the non-posix ACLs on the =
backside manually.

I have never worked with non-posix ACLs behind Samba, so I cannot tell you how =
well/poorly it will work.

Greg Freemyer
Internet Engineer
Deployment and Integration Specialist
Compaq ASE - Tru64 v4, v5
Compaq Master ASE - SAN Architect
The Norcross Group
www.NorcrossGroup.com

More information about the samba mailing list