Samba on Linux with no ACL's is making things tough
peter at cadcamlab.org
Sat Apr 1 12:42:10 GMT 2000
> I am presently in the process of moving my company's file server from
> Windows NT 4.0 over to Linux with SAMBA and the lack of ACL support
> in the ext2 filesystem is making things very difficult to design. To
> clarify I am NOT writing about Samba's support for NT ACL's on
> NTFS. I am writing to possibly get some tips for getting around the
> lack of ACL's in ext2. I know that ReiserFS and SGI's XFS both have
> support for ACL's, but these are beta file systems and that is not
> acceptable. Also I know there are projects for ACL support in ext2,
> but there are also at the most beta code.
Samba does not directly support ACLs on any OS. That is to say, you
can't manipulate them from the client. Sounds like this wouldn't be a
problem for you, as you would set it all up directly on the server.
I don't know much about ReiserFS -- at least not firsthand, since I
haven't tried it -- but SuSE ships and supports it. Now, it is true
that Al Viro (kernel VFS guru) doesn't like the shape ReiserFS is in,
but (a) Al is very demanding, and (b) mostly what he doesn't like about
is is that it may well have boundary conditions ripe for security
holes. Shouldn't be a problem if you don't give out shell accounts to
untrusted people -- we're not talking about *remote* exploits here.
I would give it a try. Perhaps using SuSE, since they're the ones who
are actually shipping ReiserFS standard.
More information about the samba