[Samba] ACLs behaving differently on Samba 4 / Ubuntu 12.04 / Bind 9.81 between ZFS and EXT4 file systems

Matthieu Patou mat at samba.org
Sat Apr 28 15:20:58 MDT 2012 

On 04/18/2012 01:06 PM, Ben Metcalfe wrote:
> Dear all,
>
> The system is Ubuntu 12.04 (latest beta as of yesterday)
> Bind 9.81 (12.04 standard)
> Samba 4, also git-cloned yesterday.
>
> I've imported a zpool created on another ubuntu system with the same
> version of zfs-linux (RC-8) http://zfsonlinux.org/
>
> The zpool is working perfectly well; responsive, no errors reported,
> scrubbed.
>
> Samba can see the zpool as part of the greater file system and share the
> 600GB or so spread across the varios zfs file systems on it via cifs.
>
> I've been through all the tests mentioned on the Samba 4 HOWTO and they
> return successful results.
>
> I'm sharing only via smb.conf - not using native ZFS CIFS commands.
>
> The problem:
>
> When I alter file permissions via CIFS from an XP Pro sp3 client (patched
> up to date, joined to the domain and able to administer AD users and
> computers) on any folder or subfolder shared from the zpool, I lose access
> to that folder via CIFS. I can still see the folder from its parent
> directory, but can't browse into it via CIFS. I can still browse the folder
> on the server's command line.
>
> The XP Pro client fails with the message:
> *"The data area passed to a system call is too small"*
> The OSX Snowleopard client just gives a silent fail.
> I click in, and nothing happens.
>
> When I mv the same "broken" folder to an EXT4 file system via the server's
> command line, I can repair the acls using:
>
> get acls: /usr/local/samba/bin/samba-tool ntacl get --as-sddl
> /${ZPOOL}/Lou/stuff/
> returns: ‘O:S-1-5-21-1345677-xxxxx-2594716733-500G..etc
> set acls: /usr/local/samba/bin/samba-tool ntacl set
> ‘O:S-1-5-21-1345677-xxxxx-2594716733-500G..etc’ /${EXT4
> Sharename}/Lou/stuff/
>
> ...after which I update the smb.conf entry and can browse the folder as
> normal, as long as it stays on the EXT4-backed share.
Well it might be something completely different.

Can you post the sddl you get + posix acls for the folder in ZFS ?
>
> The acl-compliance tests:
> setfattr -n user.test -v test test.txt
> setfattr -n security.test -v test2 test.txt
> getfattr -d test.txt
> ...return the correct results on both filesystems; EXT4 and ZFS.
Can you try to create a new folder in the ZFS filesystem and set ACLs on 
it and see how you can access it ?.


Matthieu.

-- 
Matthieu Patou
Samba Team
http://samba.org

More information about the samba mailing list