[Samba] windows and nfs4 acls

Gémes Géza geza at kzsdabas.hu
Tue Feb 28 10:37:21 MST 2012


2012-02-28 08:27 keltezéssel, steve írta:
> Hi everyone
>
> We're really struggling with nfs4 <--> windows acls.
>
> Scenario
>  Samba4 share --> cifs --> win7. No problem
>  Samba4 share --> nfs4 --> Linux. acls not inherited
> Neither is there inheritance vica versa.
>
>  e.g. It is not possible to create files with group rw on a umask 0022
> nfs4 share. nfs4_setfacl cannot override umask. Using POSIX or windows
> acls this works fine. I've approached the nfs4 devs and they've said
> that they'll look into it, but so far. Exporting nfs4 with -o noacl
> (in the hope that the windows acl would take effect) has no effect.
>
> 1. Is it possible to get Samba to override the nfs4 acl and use
> whatever I've set on windows security acl instead?
> 2. Is there a way to export a single directory with a umask of my choice?
> 3. Would it be reasonable to ask my distro (openSUSE) to consider this
> problem as a feature request? Perhaps as a patch over nfs4_setfacl?
> Thanks,
> L & S at lcb
>
IMHO Samba4 sets the windows (non posix) acls as extended attributes. In
order to get them applied o the Linux (or NFS4) side there should be a
Linux kernel security module (LSM) which would override the posix acls.

Regards

Geza


More information about the samba mailing list