Any pointer or protips on education / where to start to diagnose extended acl issues?
Jeremy Allison
jra at samba.org
Thu Feb 3 12:29:57 MST 2011
On Thu, Feb 03, 2011 at 07:17:19PM +0000, Hammitt, Charles Allen wrote:
>
> Any pointer or protips on education / where to start to diagnose extended acl issues? Something updated within the past few years?
>
>
> The environment:
>
> Two node Ctdb samba standalone using IBM GPFS 3.2 backend filesystem w/ NFSv4 acl enabled;
>
> # testparm -v | grep "acl "
> Load smb config files from /etc/samba/smb.conf
> Processing section "[data]"
> Processing section "[homes]"
> Loaded services file OK.
> Server role: ROLE_STANDALONE
> Press enter to see a dump of your service definitions
>
> acl compatibility = auto
> acl check permissions = Yes
> acl group control = Yes
> acl map full control = Yes
> force unknown acl user = Yes
> nt acl support = Yes
> map acl inherit = Yes
>
>
>
> The problem:
>
> When coming in on the nfs exported side to a shared filesystem, the extended acls work as expected; getfacl / setfacl work and the permissions in place grant the expected access.
>
> However, when coming in on the samba side, it's really hit or miss. Sometimes it works, sometimes not... and unfortunately, it seems like more and more it is not....
Where are you enabling NFSv4 ACLs in Samba ? I don't see a module load
that enables it ? Also, try 3.5.x, this has more ACL fixes than 3.2.
Jeremy.
More information about the samba-technical
mailing list