[Samba] 4.1.7 Server Side Copies & Disk Permissions

David Disseldorp ddiss at suse.de
Mon Apr 28 07:57:23 MDT 2014


On Tue, 22 Apr 2014 11:46:26 +0200, David Disseldorp wrote:

> > Same as in 4.1.6 and always the same so I will not bother to add a log.
> > 
> > If you follow http://wiki.samba.org/index.php/Setting_up_a_home_share
> > 
> > But have vfs objects = btrfs declared all is different.
> > 
> > You can add users and groups but the default Everyone,  CREATOR GROUP and a Unknown you just can't delete them.
> > 
> > As soon as you press apply then they are back again.  
> 
> I expect this is due to the POSIX to Windows Access Control List mapping
> behaviour. The Owner, Group and Other entries are always present in a
> POSIX ACL. Samba maps these entries to NT ACL entries on retrieval.
> 
> The vfs_btrfs module doesn't intercept ACL retrieval/manipulation
> requests, so you shouldn't see any difference from the default VFS in
> this regard.

For the record, the issue is caused by Samba's setting of the
"vfs objects" parameter when running as an AD domain controller.

https://bugzilla.samba.org/show_bug.cgi?id=10560

If "vfs objects" is not set, then Samba configures the dfs_samba4 and
acl_xattr VFS modules. If it is set, then the parameter is left as is.

Which means if a user goes from...

[global]
server role = active directory domain controller
[share]
        path = /samba/samba1/
        read only = No

to...

[global]
server role = active directory domain controller
[share]
        path = /samba/samba2/
        read only = No
        vfs objects = btrfs

...then the acl_xattr module is implicitly disabled, breaking the users
existing ACL<->xattr mapping setup.

AFAICT, this behaviour is currently undocumented.

Cheers, David


More information about the samba-technical mailing list