NTVFS vs S3 file server

Andrew Tridgell tridge at samba.org
Thu Dec 8 04:21:09 MST 2011

Hi Michael,

> I see a potential danger with interoperability in heterogenious
> setups where cifs and nfs are served from the share at the same
> time and other software might also want to change the permissions.
> For this case, the acl_xattr module has the mechanism to fall
> back to the permissions stored in the file system when they have
> been changed externally with respect to the stored NT ACL. In these
> mixed environments, the override mode is not an option, imho.

Actually I think it is in these mixed environments where the override
mode is most essential.

If you don't have the override capability then the only way to get
really accurate NT ACL behaviour is to set the unix file permissions
very broadly. This for example is what is done in the [xcopy_share] in
the Samba3 testsuite. If that share is also exported via NFS then that
means that NFS clients will see these very broad permissions, which is
potentially dangerous.

The ideal for mixed environments is to use a "last ACL set wins"
model. If the last ACL set was a NT ACL, then use the NT ACL, and
ideally you would provide a mapping to posix ACLs during the setting of
the NT ACL (so posix apps see the mapped ACL). If the last ACL set was a
posix ACL then use that. You can do this by storing a hash of the posix
ACL in the NT ACL, allowing for detection of posix ACL changes.

This is largely orthogonal to the "raceless override" mechanism
however. Before we had the pvfs_sys.c code we defaulted the NT ACL
override to off as it wasn't safe. After the pvfs_sys code was added it
defaulted to on, as I think it is a big benefit for many users,
particularly for shares that tend to use complex ACLs (such as sysvol,
with delegated administrative control).

Cheers, Tridge

More information about the samba-technical mailing list