Samba + NFS + (not visible) ACLs

Albert Fluegel af at
Fri Feb 15 03:16:01 MST 2013


On Wed, Feb 13, 2013 at 04:59:10PM +0100, Alexander Werth wrote:
> ...
> have you considered implementing something like this as a vfs module?
had not looked at that option before. Fortunately there is a good
documentation about writing vfs modules available.

> It should be possible to override the vfs function that queries the
> security descriptor with a function that returns a security descriptor
> granting full access for everyone.
> Then the any access check in the smbd/open.c would just pass.
> ...
So i wrote a vfs module file and xml docs. They are attached.
Would greatly appreciate to find them in future Samba versions.

Thanks for the hints !

 Albert Fluegel

> On Wed, 2013-02-13 at 15:14 +0100, Albert Fluegel wrote:
> > ...
> > In short: ACLs are set on an NFS-mounted filesystem, that is exported
> > via Samba by an NFS client, but the ACLs are not visible for this Samba
> > server (NFSv4 ACLs, but the mount is NFSv3) - however they are in effect.
> > This constellation causes strange phenomenons on the windows side, because
> > ...
> > The attached patch for Samba 4.0.1 introduces a new option
> > ...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vfs_fake_full_access.8.xml
Type: application/xml
Size: 2883 bytes
Desc: not available
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vfs_fake_full_access.c
Type: text/x-csrc
Size: 3131 bytes
Desc: not available
URL: <>

More information about the samba-technical mailing list