What ACL options would be best for s3fs?

Jeremy Allison jra at samba.org
Mon Apr 2 11:37:07 MDT 2012


On Mon, Apr 02, 2012 at 01:22:12PM +1000, Andrew Bartlett wrote:
> On Tue, 2012-03-13 at 10:37 -0700, Jeremy Allison wrote:
> > On Tue, Mar 13, 2012 at 11:21:46AM +1100, Andrew Bartlett wrote:
> > > On Mon, 2012-03-12 at 16:54 -0700, Jeremy Allison wrote:
> > > > 
> > > > Does provision write ACLs into the filesystem ? If it does
> > > > can you point me at that code ?
> > > 
> > > source4/scripting/python/samba/provision/__init__.py
> > > 
> > > We write the ACL directly to disk (using the NT ACL in the xattr or
> > > tdb).  I would like to keep the same method, but if we cannot, one
> > > alternative could be to wrap the vfs modules in python modules, in a way
> > > similar to vfstest (but it would be a lot of work). 
> > 
> > Ok, I'll take a look.
> 
> Jeremy,
> 
> Did you get a chance to understand the requirements of provision here?

Nope, not yet, sorry.

> > > > > What options are available for hosts that do not support extended
> > > > > attributes?  Samba4 sets an option to store everything into a TDB in
> > > > > this case, and this is used a lot in make test.  What option should I
> > > > > set for smbd, other than:
> > > > 
> > > > If there are no xattrs you can either use acl_tdb
> > > > directly, or stack vfs_acl_xattr on top of xattr_tdb.
> > > 
> > > Do either of these use the same tdb format as Samba4?
> > 
> > I don't think so - the Samba4 server independently
> > re-implemented this without looking at the source3
> > code as I recall.
> 
> Sadly it's the other way around:  the 2007 implementation in the smbd
> vfs_xattr_tdb does not use the same format as the 2004 xattr_tdb
> (posix:eadb) used by the ntvfs file server.  
> 
> Does anybody know of any compelling reason for the difference?  I
> haven't found any, but if there is some background I'm missing, it would
> help to know.

Oh wait a minute, I'm confused. I was thinking about the
ACL storage implementation (which needed extending to
host the extra timestamps needed), not the storage of
EA's in a tdb. I remember trying to make the ACL storage
code compatible (whichever one came first) so one could
be upgraded automatically to another.

The EA in tdb one isn't my code, so I don't remember
why it was written that way (or even who wrote it :-).

Jeremy.

