[Samba] ACLs in windows clients w/ GPFS
big beer
bigbeerjr at gmail.com
Fri May 28 09:58:54 MDT 2010
On Fri, May 28, 2010 at 1:31 AM, Orlando Richards
<orlando.richards at ed.ac.uk> wrote:
> On -10/01/37 20:59, big beer wrote:
>>
>> Hello list,
>>
>> I've got a ctdb cluster working against a GPFS cluster. I've got ACLs
>> going and have set the default/active ACLs on my folders. The ACLs
>> seem to be working fine, they are correctly limiting/allowing access
>> to the said folders/files.
>>
>> My issue is that when using the windows client to view/change the ACLs
>> everything goes south. When trying to view the ACLs via right clicking
>> on the folder in windows and going to the security tab only shows the
>> basic unix permissions (owner/group/other). If I try to add a new user
>> to the ACL via windows it still won't show up in the security window
>> after adding. When going back to a shell and looking at the ACLs on
>> the folder in question the new user is present, but the previous ACLs
>> have been removed.
>>
>> Any thoughts on how to get these ACLs to show/work through a windows
>> client?
>>
>> Thanks!
>>
>
> Hi Big (!),
>
> I've got it working at the moment - here are some relevant settings from my
> smb.conf. Make sure your filesystem is set to use NFSv4 ACLs ("-k nfs4", or
> possibly "-k all").
>
> vfs objects = gpfs fileid shadow_copy2
> nfs4: mode = special
> nfs4: chown = yes
> nfs4: acedup = merge
> force unknown acl user = yes
> acl group control = true
> map acl inherit = yes
> inherit acls = no
> dos filemode = no
>
> I'm using samba 3.4.5-42
>
> --
> Orlando.
>
>
>
> --
> --
> Dr Orlando Richards
> Information Services
> IT Infrastructure Division
> Unix Section
> Tel: 0131 650 4994
>
> The University of Edinburgh is a charitable body, registered in Scotland,
> with registration number SC005336.
>
It was the -k setting on the FS. I was running with -k all and trying
to use POSIX ACLs. After changing over to -k nfs4 and putting nfs4
ACLs on the FS it works as expected.
I guess the GPFS module doesn't work with POSIX ACLs?
Thanks!
More information about the samba
mailing list