What ACL options woudl be best for s3fs?

Jeremy Allison jra at samba.org
Mon Mar 12 17:54:55 MDT 2012

On Tue, Mar 13, 2012 at 10:50:06AM +1100, Andrew Bartlett wrote:
> I'm not particularly failure with all the various ACL options available
> in smbd, so I figured it was better to ask rather than guess:
> What options should we use for ACLs on a AD DC, where we must have
> perfect AD ACL semantics?

You need either acl_xattr or acl_tdb, depending on whether
you need to store into a system xattr or a tdb.

> Is there any known issues with these modules and the Samba4 ACL setting,
> particularly as done in provision? (I recall something about different
> xattr names, so wanted to check).

Does provision write ACLs into the filesystem ? If it does
can you point me at that code ?

> What options are available for hosts that do not support extended
> attributes?  Samba4 sets an option to store everything into a TDB in
> this case, and this is used a lot in make test.  What option should I
> set for smbd, other than:

If there are no xattrs you can either use acl_tdb
directly, or stack vfs_acl_xattr on top of xattr_tdb.

> vfs objects = $vfs_modulesdir_abs/xattr_tdb.so
> $vfs_modulesdir_abs/streams_depot.so
> Eventually I want to make these hard-coded defaults, so I would like to
> get them right.

Hope this helps !


More information about the samba-technical mailing list