Any pointer or protips on education / where to start to diagnose extended acl issues?

[Hammitt, Charles Allen]

Any pointer or protips on education /  where to start to diagnose extended acl issues?  Something updated within the past few years?


The environment:

Two node Ctdb samba standalone using IBM GPFS 3.2 backend filesystem w/ NFSv4 acl enabled;

# testparm -v | grep "acl "
Load smb config files from /etc/samba/smb.conf
Processing section "[data]"
Processing section "[homes]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

        acl compatibility = auto
        acl check permissions = Yes
        acl group control = Yes
        acl map full control = Yes
        force unknown acl user = Yes
        nt acl support = Yes
        map acl inherit = Yes



The problem:

When coming in on the nfs exported side to a shared filesystem, the extended acls work as expected; getfacl / setfacl work and the permissions in place grant the expected access.

However, when coming in on the samba side, it's really hit or miss.  Sometimes it works, sometimes not... and unfortunately, it seems like more and more it is not....



I wouldn't be so frustrated if it never worked, or always worked, but the sometimes yes, sometimes no is too much!