Samba4 on OpenBSD: a report (tags: waf, s3fs, ntvfs)

Jérémie Courrèges-Anglas jca at
Tue Sep 1 17:25:27 UTC 2015

Andrew Bartlett <abartlet at> writes:


>> > There is another particular point that matters for OpenBSD support: 
>> > s3fs
>> > vs. ntvfs.  I have lightly tested a Samba AD DC setup, which 
>> > required
>> > the use of ntvfs instead of s3fs (the default).  s3fs failed 
>> > because ACL
>> > support is required, alas "POSIX" ACLs aren't available on OpenBSD 
>> > (and
>> > there is no plan to change that).  Thus I'd like to inquire what 
>> > are the
>> > plans regarding ntvfs and s3fs.  Maybe s3fs could be made to work
>> > without requiring ACLs?
>> Unfortunately that can't be done. AD-DC *requires* ACL support
>> on the filesystem. You could run it in a configuration that
>> allows Windows ACLs to be stored in extended attributes (or
>> a tdb database) but then it wouldn't be safe to allow local
>> users access to the files.
> Exactly.  The only area that I can see some forward progress being
> possible on is allowing a provision onto an NFSv4-ACLed filesystem,

(We don't plan to implement NFSv4 soon either.)

> as
> that is mostly a matter of setting up the right VFS modules.  I don't
> see OpenBSD supporting the AD DC any time soon.

I have no idea yet about how broken is an AD DC setup on OpenBSD.

Hence my naive question about the future of ntvfs, and if the latter is
doomed to be removed, the possibility of amending s3fs so that
*filesystem-level* ACLs aren't required.  Of course someone would then
have to do that work... *

> This won't stop it being used as a great file server, however.



* hmm, I've just discovered vfs_acl_tdb(8).  Relevant?
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

More information about the samba-technical mailing list