[Samba] Samba and ACL's
lists at kukkukk.com
Wed Jan 19 15:43:57 GMT 2005
> Hey All,
> I am trying to get Samba to work with winbind and ACL's on Fedora Core 2. So
> far so good as far as getting winbind to work with Samba but I am having
> trouble getting Samba to recognize ACL's. I am wondering if there is a
> command I can run to determine if my Samba install is ACL capable...
> Any ideas?
to use ACLs, the filesystem, on which your samba shares are located,
must support xattr (extended attributes).
If your kernel is compiled right and the used filesystem is mounted right,
you should get xattr support.
- ext3 supports xattr of max. size about 3.9 kB
- reiserfs allows xattr size of max. 64 kB
On SuSE 9.1, 9.2 systems xattr support is available "out of the box".
On other distributions you might need to ask in their own mailing lists
Below i append an excerpt from samba 4.0 "howto.txt" (written by
A. Tridgell). Those suggested checks should also apply to xattr support
on samba 3.0.x.
Best wishes - Guenter
-------------- excerpt from samba 4.0 "howto.txt" --
NOTE about filesystem support
To use the advanced features of Samba4 you need a filesystem that
supports both the "user" and "system" xattr namespaces.
If you run Linux with a 2.6 kernel and ext3 this means you need to
include the option "user_xattr" in your /etc/fstab. For example:
/dev/hda3 /home ext3 user_xattr 1 1
You also need to compile your kernel with the XATTR and SECURITY
options for your filesystem. For ext3 that means you need:
If you don't have a filesystem with xattr support, then you can
simulate it by using the option:
posix:eadb = /usr/local/samba/eadb.tdb
that will place all extra file attributes (NT ACLs, DOS EAs, streams
etc), in that tdb. It is not efficient, and doesn't scale well, but at
least it gives you a choice when you don't have a modern filesystem.
Testing your filesystem
To test your filesystem support, install the 'attr' package and run
the following 4 commands as root:
setfattr -n user.test -v test test.txt
setfattr -n security.test -v test2 test.txt
getfattr -d test.txt
getfattr -n security.test -d test.txt
You should see output like this:
# file: test.txt
# file: test.txt
If you get any "Operation not supported" errors then it means your
kernel is not configured correctly, or your filesystem is not mounted
with the right options.
If you get any "Operation not permitted" errors then it probably means
you didn't try the test as root.
-------------- end of excerpt from samba 4.0 howto.txt--
More information about the samba