[Samba] ACLs in windows clients w/ GPFS

Orlando Richards orlando.richards at ed.ac.uk
Fri May 28 02:31:52 MDT 2010

On -10/01/37 20:59, big beer wrote:
> Hello list,
> I've got a ctdb cluster working against a GPFS cluster. I've got ACLs
> going and have set the default/active ACLs on my folders. The ACLs
> seem to be working fine, they are correctly limiting/allowing access
> to the said folders/files.
> My issue is that when using the windows client to view/change the ACLs
> everything goes south. When trying to view the ACLs via right clicking
> on the folder in windows and going to the security tab only shows the
> basic unix permissions (owner/group/other). If I try to add a new user
> to the ACL via windows it still won't show up in the security window
> after adding. When going back to a shell and looking at the ACLs on
> the folder in question the new user is present, but the previous ACLs
> have been removed.
> Any thoughts on how to get these ACLs to show/work through a windows client?
> Thanks!

Hi Big (!),

I've got it working at the moment - here are some relevant settings from 
my smb.conf. Make sure your filesystem is set to use NFSv4 ACLs ("-k 
nfs4", or possibly "-k all").

vfs objects = gpfs fileid shadow_copy2
nfs4: mode = special
nfs4: chown = yes
nfs4: acedup = merge
force unknown acl user = yes
acl group control = true
map acl inherit = yes
inherit acls = no
dos filemode = no

I'm using samba 3.4.5-42


    Dr Orlando Richards
   Information Services
IT Infrastructure Division
        Unix Section
     Tel: 0131 650 4994

The University of Edinburgh is a charitable body, registered in 
Scotland, with registration number SC005336.

More information about the samba mailing list