[Samba] ACLs behaving differently on Samba 4 / Ubuntu 12.04 / Bind 9.81 between ZFS and EXT4 file systems
Ben Metcalfe
bwmetcalfe at gmail.com
Wed Apr 18 14:06:24 MDT 2012
Dear all,
The system is Ubuntu 12.04 (latest beta as of yesterday)
Bind 9.81 (12.04 standard)
Samba 4, also git-cloned yesterday.
I've imported a zpool created on another ubuntu system with the same
version of zfs-linux (RC-8) http://zfsonlinux.org/
The zpool is working perfectly well; responsive, no errors reported,
scrubbed.
Samba can see the zpool as part of the greater file system and share the
600GB or so spread across the varios zfs file systems on it via cifs.
I've been through all the tests mentioned on the Samba 4 HOWTO and they
return successful results.
I'm sharing only via smb.conf - not using native ZFS CIFS commands.
The problem:
When I alter file permissions via CIFS from an XP Pro sp3 client (patched
up to date, joined to the domain and able to administer AD users and
computers) on any folder or subfolder shared from the zpool, I lose access
to that folder via CIFS. I can still see the folder from its parent
directory, but can't browse into it via CIFS. I can still browse the folder
on the server's command line.
The XP Pro client fails with the message:
*"The data area passed to a system call is too small"*
The OSX Snowleopard client just gives a silent fail.
I click in, and nothing happens.
When I mv the same "broken" folder to an EXT4 file system via the server's
command line, I can repair the acls using:
get acls: /usr/local/samba/bin/samba-tool ntacl get --as-sddl
/${ZPOOL}/Lou/stuff/
returns: ‘O:S-1-5-21-1345677-xxxxx-2594716733-500G..etc
set acls: /usr/local/samba/bin/samba-tool ntacl set
‘O:S-1-5-21-1345677-xxxxx-2594716733-500G..etc’ /${EXT4
Sharename}/Lou/stuff/
...after which I update the smb.conf entry and can browse the folder as
normal, as long as it stays on the EXT4-backed share.
The acl-compliance tests:
setfattr -n user.test -v test test.txt
setfattr -n security.test -v test2 test.txt
getfattr -d test.txt
...return the correct results on both filesystems; EXT4 and ZFS.
Samba is running in stdout debug more: sudo /usr/local/samba/sbin/samba -i
-M single and throws no errors during the course of the problem.
I've set the zpool's aclinherit flag to "=passthrough" with no difference
detected in the behaviour.
I'll try on another samba 3 + zfs machine tomorrow to see if I can
replicate this.
Any ideas welcome in the mean time (I *should* be able to alter permissions
on Samba 4 shares from XP Pro; don't need Windows 7 to administer?).
Thanks,
Ben.
More information about the samba
mailing list