Any pointer or protips on education / where to start to diagnose extended acl issues?
Hammitt, Charles Allen
chammitt at email.unc.edu
Thu Feb 3 12:46:32 MST 2011
Hi Jeremy,
V4 ACLs are enabled on the Clustered Parallel Filesystem (IBM GPFS 3.2) on which samba serves out; http://ctdb.samba.org/
I run a 3.3 version of samba; so I will look towards the 3.5 in the future.
Thanks!
-----Original Message-----
From: Jeremy Allison [mailto:jra at samba.org]
Sent: Thursday, February 03, 2011 2:30 PM
To: Hammitt, Charles Allen
Cc: samba-technical at lists.samba.org
Subject: Re: Any pointer or protips on education / where to start to diagnose extended acl issues?
On Thu, Feb 03, 2011 at 07:17:19PM +0000, Hammitt, Charles Allen wrote:
>
> Any pointer or protips on education / where to start to diagnose extended acl issues? Something updated within the past few years?
>
>
> The environment:
>
> Two node Ctdb samba standalone using IBM GPFS 3.2 backend filesystem w/ NFSv4 acl enabled;
>
> # testparm -v | grep "acl "
> Load smb config files from /etc/samba/smb.conf
> Processing section "[data]"
> Processing section "[homes]"
> Loaded services file OK.
> Server role: ROLE_STANDALONE
> Press enter to see a dump of your service definitions
>
> acl compatibility = auto
> acl check permissions = Yes
> acl group control = Yes
> acl map full control = Yes
> force unknown acl user = Yes
> nt acl support = Yes
> map acl inherit = Yes
>
>
>
> The problem:
>
> When coming in on the nfs exported side to a shared filesystem, the extended acls work as expected; getfacl / setfacl work and the permissions in place grant the expected access.
>
> However, when coming in on the samba side, it's really hit or miss. Sometimes it works, sometimes not... and unfortunately, it seems like more and more it is not....
Where are you enabling NFSv4 ACLs in Samba ? I don't see a module load
that enables it ? Also, try 3.5.x, this has more ACL fixes than 3.2.
Jeremy.
More information about the samba-technical
mailing list