Does vfs_glusterfs work with vfs_acl_xattr for samba 3.x?

Hafeez Bana hafeez.bana at
Wed Oct 9 12:05:25 MDT 2013


I have not managed to try out vfs_glusterfs because I can't find any
instructions on how to install or even compile it. If you have some
pointers - that would help.

In the meantime I did try vfs_acl_xattr using a fuse mounted gluster volume
with option acl enabled (gluster 3.4).

What I am finding is that gluster still has an issue writing out the
security.NTACL xattr atrribute which is used by vfs_acl_xattr i.e. The
posix acl's get updated but the security.NTACL write fails - the resulting
permission is just the posix acl permission (which usually loses the
fidelity of the finegrained NTACL permissions).

In the fuse code I know gluster actively blocks writes to the security
namespace for xattr (Its detailed here ). Is this specifically
bypassed in the VFS module (which would explain it working well in your

I know there has been discussion in the past on the samba list to move use
the trusted namespace rather then the security namespace.


On Thu, Oct 3, 2013 at 10:01 PM, Hafeez Bana <hafeez.bana at> wrote:

> Thats great news. Will try it out.
> Thx.
> hb
> On Thu, Oct 3, 2013 at 2:00 PM, RAGHAVENDRA TALUR <
> raghavendra.talur at> wrote:
>> Hi,
>> Although it has not been tested thoroughly yet, I have tried using
>> vfs_acl_xattr with vfs_glusterfs and it worked for me at the basic level.
>> I have not tested with AD though.
>> My test just had a windows client connect to a samba server sharing a
>> gluster volume using the vfs plugin and setting NT ACLs on files.
>> I was able to set full control and other attributes on the files.
>> Do try and let us know how it goes.
>> Raghavendra Talur
>> Gluster
>> On Thu, Oct 3, 2013 at 5:31 PM, Hafeez Bana <hafeez.bana at>wrote:
>>> Hello All,
>>> Thought I would ask before doing some comprehensive testing. Anyone have
>>> vfs_glusterfs working with vfs_acl_xattr?
>>> The last time I tried to combine the two by using vfs_acl_xattr and a
>>> fuse
>>> mounted gluster volume, the xattr's would not get read/written because
>>> acl_xattr was writing to a trusted namespace.
>>> Thanks your help.
>>> Regards,
>>> hb
>> --
>> *Raghavendra Talur *

More information about the samba-technical mailing list