[PATCH] Fix for XDR Backend of NFS4ACL_XATTR module to get it working with NFS4.0 ACL Spec

Sandeep Nashikkar snashikkar at commvault.com
Mon Dec 3 06:27:42 UTC 2018

On Fri, Nov 30, 2018 at 18:09 IST Ralph Böhme via samba-technical write
> Hi Sandeep,

> >On Fri, Nov 30, 2018 at 11:51:16AM +0000, Sandeep Nashikkar wrote:
> >Thanks a lot for the patchset.

> fwiw, latest version attached.

> > I tried it with our setup and with following options:
> >        nfs4acl_xattr:encoding = nfs
> >        nfs4acl_xattr:validate_mode = yes

> Why are you enabling this? I thought that doesn't make sense when resharing a
> NFS4 mount.

I was getting Access Denied error on SET ACL, so I thought it is because of permission issues. So I enabled this to give 0666 for files and 0777 for folders. Will try without this. 

> >        nfs4acl_xattr:nfs4_id_numeric = yes
> >        nfs4acl_xattr:xattr_name = system.nfs4_acl

> This is already the default when nfs4acl_xattr:encoding is set to nfs.

When nfs4_id_numeric was not set, I was getting BADXDR error from NFS server when SET ACL operation does SETXATTR operation. I debugged it by capturing the packet dump and realised that identifiers being sent in the blob are string identifiers. After setting nfs4_id_numeric to yes, the SET ACL operation is working fine. Please let me know if I am missing something while testing this patch. 

> >I could test the basic get and set ACL operations over SMB client on 
> >windows.

> Great! I was developing this with a FreeBSD 11 NFS4 server. Getting ACLs works, but for some reason setting always fail, even with the Linux NFS4 cli tools (nfs4_setfacl), so good to hear to have verification that setting works in general, just not in my setup.

> >Now, the important question is, when do we plan to push the commit in 
> >master and which version of Samba release we can expect to have these 
> >changes?  We also have tight schedules for deliverables due to customer 
> >requirements and it will help if we get to know the timelines.

> I guess this should make it into master in time for 4.10.

As far as I can read, 4.10 release is March 2019. That will be too late for us. Is it possible to backport this patchset to 4.8 or any previous versions to get it into one of the available release? That will be really helpful if its possible. I am not aware of the criteria which is followed for backporting, so please bear with my questions :)  

********************************Legal Disclaimer********************************
"This communication may contain confidential and privileged material for the
sole use of the intended recipient. Any unauthorized review, use or distribution
by others is strictly prohibited. If you have received the message by mistake,
please advise the sender by reply email and delete the message. We may process
information in the email header of business emails sent and received by us
(including the names of recipient and sender, date and time of the email) for
the purposes of evaluating our existing or prospective business relationship.
The lawful basis we rely on for this processing is our legitimate interests. For
more information about how we use personal information please read our privacy
policy https://www.commvault.com/privacy-policy. Thank you."

More information about the samba-technical mailing list