What ACL options woudl be best for s3fs?

Günter Kukkukk linux at kukkukk.com
Mon Mar 12 22:21:40 MDT 2012

On Tuesday 13 March 2012 00:50:06 Andrew Bartlett wrote:
> I'm not particularly failure with all the various ACL options available
> in smbd, so I figured it was better to ask rather than guess:
> What options should we use for ACLs on a AD DC, where we must have
> perfect AD ACL semantics?
> Is there any known issues with these modules and the Samba4 ACL setting,
> particularly as done in provision? (I recall something about different
> xattr names, so wanted to check).
> What options are available for hosts that do not support extended
> attributes?  Samba4 sets an option to store everything into a TDB in
> this case, and this is used a lot in make test.  What option should I
> set for smbd, other than:
> vfs objects = $vfs_modulesdir_abs/xattr_tdb.so
> $vfs_modulesdir_abs/streams_depot.so
> Eventually I want to make these hard-coded defaults, so I would like to
> get them right.
> Thanks,
> Andrew Bartlett

Hi Andrew,

when you would have followed Tridge's friendly approach to nearly
_always_ referring to the person, who made a patch ... or started
a discussion, you would have mentioned that i started the
the xattr/ACL discussion on IRC.

It's frustrating when such info is just "consumed" by anyone.
(without any notice)

Cheers, Günter
[01:33:39] <kukks> abartlet: have just started s4 with s3fs. Does s3 these days use the _same_ xattr storage/infos as s4 ? (i would 
guess no)
[01:58:24] <kukks> abartlet: same question with ACLs ..
[02:09:29] Dr{Wh0} [~sam at dev.null.nutech.com] hat den Server verlassen: Ping timeout: 272 seconds
[02:09:40] Dr{Wh0} [~sam at dev.null.nutech.com] hat #samba-technical betreten
[03:12:09] jacalvo [~jacalvo at] hat den Server verlassen: Remote host closed the connection
[04:10:37] rusty [~rusty at pdpc/supporter/bronze/rusty] hat den Server verlassen: Ping timeout: 255 seconds
[04:23:29] <ekacnet> kukks: s3 can use the same if you use the correct module 
[04:25:01] <@abartlet> ekacnet: can you put the details of the correct module into selftest/target/Samba4.pm for plugin_s4_dc?
[04:26:47] <kukks> ekacnet: so former s4 alpha users - with all their stored data - can easily switch to the s3fs backend ?
[04:33:34] <kukks> ekacnet: abartlet: what does that mean at all? Is there a migration path needed - or not?
[04:36:02] <@abartlet> it will need to be just smb.conf changes at most before we can declare this production
[04:39:09] <kukks> abartlet: afaik - the s4 xattr/acl implementation uses more stuff than s3. So the s4 stuff should/must be used ?
[04:43:32] <kukks> abartlet: s4 smbclient's "allinfo filename" shows a lot more info than the one from s3
[04:44:59] <@abartlet> kukks: honestly, I've not looked into the fine details here.  There remains much work to do, and your help 
would be much appriciated
[04:45:22] <@abartlet> sadly it is assumed just because I've plumbed up the authentication parts, that the rest will just work.  This 
isn't the case

More information about the samba-technical mailing list