Samba + NFS + (not visible) ACLs
af at muc.de
Wed Feb 13 07:14:59 MST 2013
recently i posted to the samba list and did not get any response, so
please don't be angry, that i post the patch here. The details can be
found in this mail:
In short: ACLs are set on an NFS-mounted filesystem, that is exported
via Samba by an NFS client, but the ACLs are not visible for this Samba
server (NFSv4 ACLs, but the mount is NFSv3) - however they are in effect.
This constellation causes strange phenomenons on the windows side, because
Samba is interpreting the permissions, that are not completely visible,
so the reply to the client cannot be appropriate.
The attached patch for Samba 4.0.1 introduces a new option
"native os permissions"
that actually disables Samba's own checks and pretends sufficient access
to the client.
My request is to check the patch and consider inclusion.
Thank you very much !!!
P.S.: To anticipate questions, that may arise now on your side:
q: why don't you make NFS4 mounts ?
a: NFSv4 mounts are not stable in the current Redhat Enterprise (6) kernel(s)
(over time mounts get randomly unaccessible) and as far as i see, Samba up
to 4.0.1 cannot interpret NFSv4 ACLs during it's own access control
q: are you aware, that you are compromising the option to modify the ACLs from
the windows client side and the access permissions are displayed incorrectly
on the windows side ?
a: yes, but this is of no relevance in our environment. The ACLs are set on
the Unix side and should only be in effect. No need to make them visible
or editable from windows
q: why such reexporting NFS via Samba (kind of network filesystem proxy) ?
a: all data is on Netapps. Netapp CIFS export is an option, but Samba offers
fantastic flexibility here and performance is fully sufficient :-)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3820 bytes
Desc: not available
More information about the samba-technical