Any pointer or protips on education / where to start to diagnose extended acl issues?

Hammitt, Charles Allen chammitt at email.unc.edu
Thu Feb 3 13:04:31 MST 2011 

cat /etc/samba/smb.conf

[global]
        workgroup = itsrc
        netbios name = gpfs1
        security = user

hosts deny = ALL
hosts allow = XXXXXXXXXXXXXDELETED FOR SECXXXXXXXXXXXXXXXXXXXXXXXXXXX
interfaces = eth0


client ntlmv2 auth = yes
ntlm auth = yes
null passwords = no 
disable netbios = yes
server signing = auto

browseable = no
name resolve order = lmhosts host

log file = /var/log/samba/log.%m 
log level = 0
syslog = 0

load printers = no
show add printer wizard = no
printcap name = /dev/null
disable spoolss = yes

create mask = 0750
directory mask = 0755
hide unreadable = yes
hide special files = yes
large readwrite = yes
nt acl support = yes 
guest ok = no
acl group control = yes
store dos attributes = yes
acl compatibility = auto
dos filemode = yes
dos filetimes = yes
dos filetime resolution = yes
inherit permissions = yes
inherit acls = yes
map acl inherit = yes


# =================== GPFS FILESYSTEM ========================
clustering = yes
idmap backend = tdb2
passdb backend = tdbsam
fileid:mapping = fsname
vfs objects = gpfs fileid
gpfs:sharemodes = No
force unknown acl user = yes
nfs4: mode = special
nfs4: chown = yes
nfs4: acedup = merge


[data]
        comment = Data
        path = /gpfs/nfs/share/data
        read only = No

        security mask = 0777
        force security mode = 0
        directory security mask = 0777
        force directory security mode = 0

[homes]
      comment = Home Directories
      path = /gpfs/nfs/share/homedir/%S
      browseable = no
      read only = no
      invalid users = root bin daemon nobody named sys tty disk mem kmem users
      valid users = %S

        security mask = 0777
        force security mode = 0
        directory security mask = 0777
        force directory security mode = 0











-----Original Message-----
From: Jeremy Allison [mailto:jra at samba.org] 
Sent: Thursday, February 03, 2011 3:00 PM
To: Hammitt, Charles Allen
Cc: Jeremy Allison; samba-technical at lists.samba.org
Subject: Re: Any pointer or protips on education / where to start to diagnose extended acl issues?

On Thu, Feb 03, 2011 at 07:46:32PM +0000, Hammitt, Charles Allen wrote:
> Hi Jeremy,
> 
> 
> V4 ACLs are enabled on the Clustered Parallel Filesystem (IBM GPFS 3.2) on which samba serves out; http://ctdb.samba.org/ 

Yes, NFSv4 ACLs might be enabled on the filesystem, but you haven't
told Samba that they are there. Samba doesn't know by magic. By
default it'll assume POSIX ACLs.

You need to add a VFS module load to tell Samba you have NFSv4 ACLs
on GPFS - which according to your smb.conf you haven't done.

Jeremy

More information about the samba-technical mailing list