Acls and cifs mounted shares
Steve French (smfltc)
smfltc at us.ibm.com
Fri Jan 4 18:23:42 GMT 2008
> There seems to be a lot of activity in the cifs development team with
> respect to acls. Does this mean that we can look forward to functional
> acl permissions in a recent or forthcoming kernel?
Yes. 2.6.24 will have support for returning a more accurate mode for a file on a cifs mount based on its cifs ACL. This requires mounting with the new "cifsacl" mount option and it requires that the Linux cifs module be configured/built with CONFIG_CIFS_EXPERIMENTAL. This is not needed for Samba and other servers which support the CIFS Unix extensions to the protocol since they already support returning the mode of a file from the server (and they also support getting and setting POSIX ACLs).
The current cifs development tree (which is also picked up by -mm) includes code to allow users to change the mode of a file via changing the cifs ACL (when mounted with the "cifsacl" mount option), but additional testing is needed on that before it will be ready to merge into mainline.
The next step is to allow getting and changing the CIFS ACL directly - today that can be done via the samba client utility "smbcacls" for example but it may be helpful to allow changes to CIFS/NTFS/NFSv4 ACLs (which are similar) from a tool like setfacl so that CIFS and NFS and NTFS modules can use similar tool on the client. Andreas Gruenbacher has had some proposals for this (e.g. see http://www.suse.de/~agruen/agruen-nfs4acl.pdf)
More information about the samba-technical