deprecated "profile acls" for 4.7
Stefan Metzmacher
metze at samba.org
Tue Jun 13 10:44:07 UTC 2017
Hi,
as "profile acls = yes" doesn't work anymore with modern clients
(and I also don't understand why it was added with the current behaviour
at all), I'd like to deprecate the option and later remove the feature,
If needed it needs to be readded as vfs module again, but only
if someone is able to explain it to me:-)
Please review and push:-)
Thanks!
metze
-------------- next part --------------
From f602d55c64cb3dcc91cc9ded3ad6b0fa744f8ad8 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Tue, 13 Jun 2017 11:59:30 +0200
Subject: [PATCH 1/2] docs-xml/smbdotconf: deprecated "profile acls"
This doesn't work anymore with modern clients,
and there're better ways to support profiles on a share.
Typically something like this seems to work:
[winprofiles]
comment = Users profiles New
path = /data/winprofiles/
browseable = No
read only = No
csc policy = disable
store dos attributes = yes
vfs objects = acl_xattr
With chmod 1777 on /data/winprofiles/
In order to work around some locking problems, see
https://bugzilla.samba.org/show_bug.cgi?id=12833
It's also useful to something like this in the global
section in order to detect disconnects reliable:
socket options = TCP_KEEPCNT=5 TCP_KEEPIDLE=30 TCP_KEEPINTVL=1
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
docs-xml/smbdotconf/protocol/profileacls.xml | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/docs-xml/smbdotconf/protocol/profileacls.xml b/docs-xml/smbdotconf/protocol/profileacls.xml
index ade906c..a660c52 100644
--- a/docs-xml/smbdotconf/protocol/profileacls.xml
+++ b/docs-xml/smbdotconf/protocol/profileacls.xml
@@ -1,9 +1,22 @@
<samba:parameter name="profile acls"
context="S"
type="boolean"
+ deprecated="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
+ As most system support support posix acls and extended attributes
+ today. The "acl_xattr" vfs module should be used instead of
+ using <smbconfoption name="profile acls">yes</smbconfoption>.
+ Using an vfs module that provides nfs4 acls may also work.
+ </para>
+
+ <para>
+ With modern clients (as of 2017) it's not possible to
+ use <smbconfoption name="profile acls">yes</smbconfoption> anymore.
+ </para>
+
+ <para>
This boolean parameter was added to fix the problems that people have been
having with storing user profiles on Samba shares from Windows 2000 or
Windows XP clients. New versions of Windows 2000 or Windows XP service
@@ -40,6 +53,9 @@
On other shares, it might cause incorrect file ownerships.
</para>
+ <para>
+ This parameter is deprecated with Samba 4.7 and will be removed in future versions.
+ </para>
</description>
<value type="default">no</value>
--
1.9.1
From 5a94b318c883631834e37db169075a007584ea6f Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Tue, 13 Jun 2017 11:59:30 +0200
Subject: [PATCH 2/2] WHATSNEW: deprecated "profile acls"
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
WHATSNEW.txt | 1 +
1 file changed, 1 insertion(+)
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 8548e16..1a36e88 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -103,6 +103,7 @@ smb.conf changes
auth event notification New parameter no
auth methods Deprecated
map untrusted to domain Deprecated
+ profile acls Deprecated
strict sync Default changed yes
Removal of lpcfg_register_defaults_hook()
--
1.9.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170613/c88188fd/signature.sig>
More information about the samba-technical
mailing list