Questions about ACLs
Andrew Bartlett
abartlet at samba.org
Wed May 30 00:08:22 MDT 2012
On Tue, 2012-05-29 at 19:26 +0200, Marc Muehlfeld wrote:
> Hello,
>
> I did a migration on my test system with "--use-xattrs=yes" (latest git
> version). I can add additional users/groups to a file or directory. The
> changes are also stored, if I recheck this later. But where it is stored?
> getfacl doesn't show it to me:
>
> # getfacl bla
> # file: bla
> # owner: 1061
> # group: 1031
> user::rw-
> group::r--
> other::r--
>
> The "Testing your filesystem" section from the HowTo works fine. Also the ext4
> filesystem is mounted with user_xattr:
> /dev/sda1 on / type ext4 (rw,user_xattr)
>
> The kernel on my Scienetific Linux 6 (RHEL6 clone) is also compiled with xattrs:
> CONFIG_EXT4_FS_XATTR=y
> CONFIG_EXT4_FS_POSIX_ACL=y
> CONFIG_EXT4_FS_SECURITY=y
>
> Where are the additional ACLs stored and why not in the filesystem here? Did I
> miss something?
If you were using a version before alpha21, then s3fs wasn't the
default, and so we didn't attempt to emulate the NT ACL into a POSIX
ACL.
With s3fs, we now do the translation. See
https://wiki.samba.org/index.php/Samba4/s3fs#Starting_s3fs
> And one more question about ACLs:
> In my s3 live system, my user/groups are stored in LDAP and I see the
> owner/group of file trough nss_ldap on linux. In my s4 test environment, now
> all files show only the uid/gid on files/directories. Can I get the
> user-/groupnames back by letting nss_ldap connect to the samba LDAP?
Use nss_winbind for that.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list