deprecated "profile acls" for 4.7
Jeremy Allison
jra at samba.org
Tue Jun 13 16:37:58 UTC 2017
On Tue, Jun 13, 2017 at 12:44:07PM +0200, Stefan Metzmacher via samba-technical wrote:
> Hi,
>
> as "profile acls = yes" doesn't work anymore with modern clients
> (and I also don't understand why it was added with the current behaviour
> at all), I'd like to deprecate the option and later remove the feature,
> If needed it needs to be readded as vfs module again, but only
> if someone is able to explain it to me:-)
>
> Please review and push:-)
LGTM. Pushed !
> From f602d55c64cb3dcc91cc9ded3ad6b0fa744f8ad8 Mon Sep 17 00:00:00 2001
> From: Stefan Metzmacher <metze at samba.org>
> Date: Tue, 13 Jun 2017 11:59:30 +0200
> Subject: [PATCH 1/2] docs-xml/smbdotconf: deprecated "profile acls"
>
> This doesn't work anymore with modern clients,
> and there're better ways to support profiles on a share.
>
> Typically something like this seems to work:
>
> [winprofiles]
> comment = Users profiles New
> path = /data/winprofiles/
> browseable = No
> read only = No
> csc policy = disable
> store dos attributes = yes
> vfs objects = acl_xattr
>
> With chmod 1777 on /data/winprofiles/
>
> In order to work around some locking problems, see
> https://bugzilla.samba.org/show_bug.cgi?id=12833
>
> It's also useful to something like this in the global
> section in order to detect disconnects reliable:
>
> socket options = TCP_KEEPCNT=5 TCP_KEEPIDLE=30 TCP_KEEPINTVL=1
>
> Signed-off-by: Stefan Metzmacher <metze at samba.org>
> ---
> docs-xml/smbdotconf/protocol/profileacls.xml | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
>
> diff --git a/docs-xml/smbdotconf/protocol/profileacls.xml b/docs-xml/smbdotconf/protocol/profileacls.xml
> index ade906c..a660c52 100644
> --- a/docs-xml/smbdotconf/protocol/profileacls.xml
> +++ b/docs-xml/smbdotconf/protocol/profileacls.xml
> @@ -1,9 +1,22 @@
> <samba:parameter name="profile acls"
> context="S"
> type="boolean"
> + deprecated="1"
> xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
> <description>
> <para>
> + As most system support support posix acls and extended attributes
> + today. The "acl_xattr" vfs module should be used instead of
> + using <smbconfoption name="profile acls">yes</smbconfoption>.
> + Using an vfs module that provides nfs4 acls may also work.
> + </para>
> +
> + <para>
> + With modern clients (as of 2017) it's not possible to
> + use <smbconfoption name="profile acls">yes</smbconfoption> anymore.
> + </para>
> +
> + <para>
> This boolean parameter was added to fix the problems that people have been
> having with storing user profiles on Samba shares from Windows 2000 or
> Windows XP clients. New versions of Windows 2000 or Windows XP service
> @@ -40,6 +53,9 @@
> On other shares, it might cause incorrect file ownerships.
> </para>
>
> + <para>
> + This parameter is deprecated with Samba 4.7 and will be removed in future versions.
> + </para>
> </description>
>
> <value type="default">no</value>
> --
> 1.9.1
>
>
> From 5a94b318c883631834e37db169075a007584ea6f Mon Sep 17 00:00:00 2001
> From: Stefan Metzmacher <metze at samba.org>
> Date: Tue, 13 Jun 2017 11:59:30 +0200
> Subject: [PATCH 2/2] WHATSNEW: deprecated "profile acls"
>
> Signed-off-by: Stefan Metzmacher <metze at samba.org>
> ---
> WHATSNEW.txt | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/WHATSNEW.txt b/WHATSNEW.txt
> index 8548e16..1a36e88 100644
> --- a/WHATSNEW.txt
> +++ b/WHATSNEW.txt
> @@ -103,6 +103,7 @@ smb.conf changes
> auth event notification New parameter no
> auth methods Deprecated
> map untrusted to domain Deprecated
> + profile acls Deprecated
> strict sync Default changed yes
>
> Removal of lpcfg_register_defaults_hook()
> --
> 1.9.1
>
More information about the samba-technical
mailing list