map system.cifs_acl of cifs client to security.NTACL

Anip Patel anip.ddu at
Mon Jun 23 09:24:12 MDT 2014


My architecture is like this .

NAS running windows server  export cifs ---> mount on linux via cifs kernel
client ---> fuse file system -----> samba server export fuse mount ->

I am using vfs objects = acl_xattr option to provide full windows like

so on cifs kernel client when i use *getcifsacl *i get NTACL from HP NAS.

Problem is for *existing* file i want to push NTACL get by getcifsacl to
windows client. bcoz for newly created file i can hack into my fuse file
system and store security.NTACL in user.NTACL and it is working perfectly.

For existing file my plan is as follows.

when we use getcifsacl it uses extended attribute *system.cifs_acl. *and
samba uses security.NTACL to store NTACL. I want to hack my fuse file
system so when samba call get_xattr on security.NTACL for existing files, i
will read system.cifs_acl and return it.

But this is not working. I think there is a mismatch in format means they
both are not binary compatible.

Does anybody have idea how i can push ACLS from cifs kernel client to
windows client. Or how to map this 2 extended attribute.


More information about the samba-technical mailing list