[Samba] viewing, if not editing, NFSv4 ACL's from Samba shares

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Apr 20 15:31:47 MDT 2010

On Tue, Apr 20, 2010 at 05:20:47PM -0400, Nico Kadel-Garcia wrote:
> Nope. I really, really wish it did. The relevant clients are Windows
> XP, if that has any role. And I've confirmed that the files and
> directories generated do follow the NFSv4 ACL policies.

And they don't allow to modify them? That's strange.

> As a relatively ignorant user, I wonder if mapping for display might
> be considered too awkward. NFSv4 ACL's are storead as
> 'username at domain', rather than as 'username', and Windows doesn't seem
> to have the same concept of ordering of ACL's as NFSv4 has, so it
> could be pretty tricky.

ACL ordering is one of the nastiest pieces of NFSv4/Windows
ACL interop. But you can't do much about that.

> > What platform is your Samba server running on? Is this
> > Solaris?
> RHEL 5. It's why I've been writing lately about the tI've been
> avoiding Solaris as file servers since I wrote one of the first Samba
> ports for SunOS 4.1.2, way back in the 1990's.

I thought it was Solaris because you've got the zfsacl
module activated.

I was told today that the Linux NFSv4 client file system
passes the ACLs as xattrs to user space. So it should "just"
be a matter of writing a VFS module to get what you want.
Probably very few days of coding. If just had time...


More information about the samba mailing list