Accessing ZFS snapshot directories over SMB
slow at samba.org
Fri May 18 07:13:44 UTC 2018
On Fri, May 18, 2018 at 08:20:55AM +0200, Timur I. Bakeyev wrote:
> Hi, Ralph!
> On 17 May 2018 at 12:55, Ralph Böhme <slow at samba.org> wrote:
> > Hi!
> > Bug https://bugzilla.samba.org/show_bug.cgi?id=13175 has been lingering
> > far too
> > long with competing patches that try to address the issue.
> > I just uploaded a reworked patch that should take into account the private
> > patch
> > FreeBSD is currently shipping, I'm just switchin the default to allows
> > access to
> > snapshot dirs by default.
> > So, final call, please ack or nack *now*. :)
> Sorry for taking too long with this patch - by itself it's pretty simple,
> hence there are multiple implementations and bike-shedding :)
I guess there's also the perfect is the enemy of the good syndrome at play. :)
> I got puzzled with the DEFAULT_ACL_POSIX usage in your patch. This name is
> confusing for my not very educated sight :) Do I understand correctly that
> it just creates NT ACLs based on the mode_t permissions?
exactly. I guess that's exactly what we want if the filesystem lacks native ACLs
for the special directory.
> In general I want to see seamless integration here with the behavior
> introduced in the
> https://svnweb.freebsd.org/base?view=revision&revision=329265 as this is
> now the standard behavior of ZFS on FreeBSD at least. Which brings the
> question - who are currently using vfs_zfsacl besides FreeBSD?
Solaris and derived distribitions use it, that's where it's coming from after
> As I understand the generated ACL for .zfs/ directory would match the one
> returned for .zfs/ by the OS? I.e. it won't have SEC_DIR_WRITE_ATTRIBUTE |
> SEC_DIR_WRITE_EA | SEC_DIR_READ_ATTRIBUTE | SEC_DIR_WRITE_EA flags.
I believe so. Cf source3/smbd/posix_acls.c:make_default_acl_posix().
> Taking into account the native OS support I don't think that we need to
> have 'zfsacl:expose_snapdir' flag at all - in the case Samba will be
> running on FreeBSD 11.2 or later this directory will be automagicaly
> exposed by OS, so we'd rather mimic OS behavior.
ok, I'll remove it then. Also, looks like the patch I attached to the bugreport
doesn't compile due to missing includes. I accidentally deleted my FreeBSD VM
image a few days ago, so I didn't compile the patch. I know, I know, shame on
me... Currently reinstalling the VM.
Ralph Boehme, Samba Team https://samba.org/
Samba Developer, SerNet GmbH https://sernet.de/en/samba/
GPG Key Fingerprint: FAE2 C608 8A24 2520 51C5
59E4 AA1E 9B71 2639 9E46
More information about the samba-technical