Any pointer or protips on education / where to start to diagnose extended acl issues?
Hammitt, Charles Allen
chammitt at email.unc.edu
Thu Feb 3 13:04:31 MST 2011
cat /etc/samba/smb.conf
[global]
workgroup = itsrc
netbios name = gpfs1
security = user
hosts deny = ALL
hosts allow = XXXXXXXXXXXXXDELETED FOR SECXXXXXXXXXXXXXXXXXXXXXXXXXXX
interfaces = eth0
client ntlmv2 auth = yes
ntlm auth = yes
null passwords = no
disable netbios = yes
server signing = auto
browseable = no
name resolve order = lmhosts host
log file = /var/log/samba/log.%m
log level = 0
syslog = 0
load printers = no
show add printer wizard = no
printcap name = /dev/null
disable spoolss = yes
create mask = 0750
directory mask = 0755
hide unreadable = yes
hide special files = yes
large readwrite = yes
nt acl support = yes
guest ok = no
acl group control = yes
store dos attributes = yes
acl compatibility = auto
dos filemode = yes
dos filetimes = yes
dos filetime resolution = yes
inherit permissions = yes
inherit acls = yes
map acl inherit = yes
# =================== GPFS FILESYSTEM ========================
clustering = yes
idmap backend = tdb2
passdb backend = tdbsam
fileid:mapping = fsname
vfs objects = gpfs fileid
gpfs:sharemodes = No
force unknown acl user = yes
nfs4: mode = special
nfs4: chown = yes
nfs4: acedup = merge
[data]
comment = Data
path = /gpfs/nfs/share/data
read only = No
security mask = 0777
force security mode = 0
directory security mask = 0777
force directory security mode = 0
[homes]
comment = Home Directories
path = /gpfs/nfs/share/homedir/%S
browseable = no
read only = no
invalid users = root bin daemon nobody named sys tty disk mem kmem users
valid users = %S
security mask = 0777
force security mode = 0
directory security mask = 0777
force directory security mode = 0
-----Original Message-----
From: Jeremy Allison [mailto:jra at samba.org]
Sent: Thursday, February 03, 2011 3:00 PM
To: Hammitt, Charles Allen
Cc: Jeremy Allison; samba-technical at lists.samba.org
Subject: Re: Any pointer or protips on education / where to start to diagnose extended acl issues?
On Thu, Feb 03, 2011 at 07:46:32PM +0000, Hammitt, Charles Allen wrote:
> Hi Jeremy,
>
>
> V4 ACLs are enabled on the Clustered Parallel Filesystem (IBM GPFS 3.2) on which samba serves out; http://ctdb.samba.org/
Yes, NFSv4 ACLs might be enabled on the filesystem, but you haven't
told Samba that they are there. Samba doesn't know by magic. By
default it'll assume POSIX ACLs.
You need to add a VFS module load to tell Samba you have NFSv4 ACLs
on GPFS - which according to your smb.conf you haven't done.
Jeremy
More information about the samba-technical
mailing list