Accessing ZFS snapshot directories over SMB

Ralph Böhme slow at
Fri May 18 07:13:44 UTC 2018

Hi Timur,

On Fri, May 18, 2018 at 08:20:55AM +0200, Timur I. Bakeyev wrote:
> Hi, Ralph!
> On 17 May 2018 at 12:55, Ralph Böhme <slow at> wrote:
> > Hi!
> >
> > Bug has been lingering
> > far too
> > long with competing patches that try to address the issue.
> >
> > I just uploaded a reworked patch that should take into account the private
> > patch
> > FreeBSD is currently shipping, I'm just switchin the default to allows
> > access to
> > snapshot dirs by default.
> >
> > So, final call, please ack or nack *now*. :)
> >
> Sorry for taking too long with this patch - by itself it's pretty simple,
> hence there are multiple implementations and bike-shedding :)

I guess there's also the perfect is the enemy of the good syndrome at play. :)

> I got puzzled with the DEFAULT_ACL_POSIX usage in your patch. This name is
> confusing for my not very educated sight :) Do I understand correctly that
> it just creates NT ACLs based on the mode_t permissions?

exactly. I guess that's exactly what we want if the filesystem lacks native ACLs
for the special directory.

> In general I want to see seamless integration here with the behavior
> introduced in the
> as this is
> now the standard behavior of ZFS on FreeBSD at least. Which brings the
> question - who are currently using vfs_zfsacl besides FreeBSD?

Solaris and derived distribitions use it, that's where it's coming from after
all. :)

> As I understand the generated ACL for .zfs/ directory would match the one
> returned for .zfs/ by the OS? I.e. it won't have SEC_DIR_WRITE_ATTRIBUTE |

I believe so. Cf source3/smbd/posix_acls.c:make_default_acl_posix().

> Taking into account the native OS support I don't think that we need to
> have 'zfsacl:expose_snapdir' flag at all - in the case Samba will be
> running on FreeBSD 11.2 or later this directory will be automagicaly
> exposed by OS, so we'd rather mimic OS behavior.

ok, I'll remove it then. Also, looks like the patch I attached to the bugreport
doesn't compile due to missing includes. I accidentally deleted my FreeBSD VM
image a few days ago, so I didn't compile the patch. I know, I know, shame on
me... Currently reinstalling the VM.


Ralph Boehme, Samba Team
Samba Developer, SerNet GmbH
GPG Key Fingerprint:           FAE2 C608 8A24 2520 51C5
                               59E4 AA1E 9B71 2639 9E46

More information about the samba-technical mailing list