NTVFS to S3FS Migration

simo idra at samba.org
Wed Jun 6 06:18:59 MDT 2012

On Wed, 2012-06-06 at 14:41 +1000, Andrew Bartlett wrote: 
> On Tue, 2012-06-05 at 20:15 -0400, brendan powers wrote:
> > Since the release of Alpha21, I've been looking into implementing S3FS
> > in existing NTVFS installations. For the most part, it's fairly
> > simple. Just added the needed entries to the existing smb.conf file.
> > There is one sticky point however, and that is upgrading to the new
> > permission format. In the past, NTVFS has simply stored the security
> > descriptor in the seciry.NTACL xattr. Now, with the introduction of
> > S3FS this format has changed to the security descriptor, plus a hash
> > of the POSIX permissions. As I understand it, if the hash in the xattr
> > does not match the actual POSIX permissions, the NT descriptor is
> > thrown out, and then re-built from using the POSIX permissions as a
> > starting point.
> > 
> > So, at the moment, I'm trying to figure out how to upgrade to S3FS and
> > preserve any existing NTVFS permissions. As well as migrating new
> > installations, Resara  Server (the product I work on that's currently
> > using NTVFS) edits the security attributes in security.NTACL directly.
> > So I also need a way to edit permissions in S3FS on an ongoing basis.
> > As I see it, here are my options.
> G'day Brendan,
> The 'old' security.NTACL xattr format is honoured in preference to any
> other ACL.  We actually need this long-term, as we can't set the posix
> ACL during the provision, so the group policy objects are still (even
> with s3fs) being written in the NTVFS format.

Why can't you simply start smbd as part of provision and set ACLs
through the SMB interface ?


Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>

More information about the samba-technical mailing list