[Samba] Samba and ACL's

Guenter Kukkukk lists at kukkukk.com
Wed Jan 19 15:43:57 GMT 2005


Hello Travis,


> Hey All,
>
> I am trying to get Samba to work with winbind and ACL's on Fedora Core 2. So
> far so good as far as getting winbind to work with Samba but I am having
> trouble getting Samba to recognize ACL's. I am wondering if there is a
> command I can run to determine if my Samba install is ACL capable...
>
> Any ideas?
>
> Cheers,
>
> Travis
>
> -- 

to use ACLs, the filesystem, on which your samba shares are located,
must support xattr (extended attributes).
If your kernel is compiled right and the used filesystem is mounted right,
you should get xattr support.
  - ext3 supports xattr of max. size about 3.9 kB
  - reiserfs allows xattr size of max. 64 kB

On SuSE 9.1, 9.2 systems xattr support is available "out of the box".
On other distributions you might need to ask in their own mailing lists
or newsgroups.
Below i append an excerpt from samba 4.0 "howto.txt" (written by
A. Tridgell). Those suggested checks should also apply to xattr support
on samba 3.0.x.
Best wishes - Guenter

-------------- excerpt from samba 4.0 "howto.txt" --
....
NOTE about filesystem support
-----------------------------

To use the advanced features of Samba4 you need a filesystem that
supports both the "user" and "system" xattr namespaces.

If you run Linux with a 2.6 kernel and ext3 this means you need to
include the option "user_xattr" in your /etc/fstab. For example:

/dev/hda3   /home     ext3    user_xattr     1 1

You also need to compile your kernel with the XATTR and SECURITY
options for your filesystem. For ext3 that means you need:

   CONFIG_EXT3_FS_XATTR=y
   CONFIG_EXT3_FS_SECURITY=y

If you don't have a filesystem with xattr support, then you can
simulate it by using the option:

   posix:eadb = /usr/local/samba/eadb.tdb

that will place all extra file attributes (NT ACLs, DOS EAs, streams
etc), in that tdb. It is not efficient, and doesn't scale well, but at
least it gives you a choice when you don't have a modern filesystem.

Testing your filesystem
-----------------------

To test your filesystem support, install the 'attr' package and run
the following 4 commands as root:

  touch test.txt
  setfattr -n user.test -v test test.txt
  setfattr -n security.test -v test2 test.txt
  getfattr -d test.txt
  getfattr -n security.test -d test.txt

You should see output like this:

  # file: test.txt
  user.test="test"

  # file: test.txt
  security.test="test2"

If you get any "Operation not supported" errors then it means your
kernel is not configured correctly, or your filesystem is not mounted
with the right options.

If you get any "Operation not permitted" errors then it probably means
you didn't try the test as root.

-------------- end of excerpt from samba 4.0 howto.txt--




More information about the samba mailing list