Any pointer or protips on education / where to start to diagnose extended acl issues?
Hammitt, Charles Allen
chammitt at email.unc.edu
Thu Feb 3 12:17:19 MST 2011
Any pointer or protips on education / where to start to diagnose extended acl issues? Something updated within the past few years?
Two node Ctdb samba standalone using IBM GPFS 3.2 backend filesystem w/ NFSv4 acl enabled;
# testparm -v | grep "acl "
Load smb config files from /etc/samba/smb.conf
Processing section "[data]"
Processing section "[homes]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
acl compatibility = auto
acl check permissions = Yes
acl group control = Yes
acl map full control = Yes
force unknown acl user = Yes
nt acl support = Yes
map acl inherit = Yes
When coming in on the nfs exported side to a shared filesystem, the extended acls work as expected; getfacl / setfacl work and the permissions in place grant the expected access.
However, when coming in on the samba side, it's really hit or miss. Sometimes it works, sometimes not... and unfortunately, it seems like more and more it is not....
I wouldn't be so frustrated if it never worked, or always worked, but the sometimes yes, sometimes no is too much!
More information about the samba-technical