What ACL options woudl be best for s3fs?

Stefan (metze) Metzmacher metze at samba.org
Mon Mar 12 18:08:02 MDT 2012

Am 13.03.2012 00:54, schrieb Jeremy Allison:
> On Tue, Mar 13, 2012 at 10:50:06AM +1100, Andrew Bartlett wrote:
>> I'm not particularly failure with all the various ACL options available
>> in smbd, so I figured it was better to ask rather than guess:
>> What options should we use for ACLs on a AD DC, where we must have
>> perfect AD ACL semantics?
> You need either acl_xattr or acl_tdb, depending on whether
> you need to store into a system xattr or a tdb.

Please note that smbd doesn't handle WBC_ID_TYPE_BOTH yet,
it will always handle groups as uids.

This happens because we have sid2uid and sid2gid functions
at different layers and they get called in that order.

We need to change that to do one sid2xid that returns the type.
And fix a few other related bugs.

>> Is there any known issues with these modules and the Samba4 ACL setting,
>> particularly as done in provision? (I recall something about different
>> xattr names, so wanted to check).
> Does provision write ACLs into the filesystem ? If it does
> can you point me at that code ?

smbd is able to read the system.NTACL attribute from the s4 provision.
But samba4 can't read the smbd format.
Also the s4 provision doesn't set the low level posix acl.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120313/aaa2fe2c/attachment.pgp>

More information about the samba-technical mailing list