[Samba] windows and nfs4 acls

Jeremy Allison jra at samba.org
Tue Feb 28 10:45:11 MST 2012


On Tue, Feb 28, 2012 at 06:37:21PM +0100, Gémes Géza wrote:
> 2012-02-28 08:27 keltezéssel, steve írta:
> > Hi everyone
> >
> > We're really struggling with nfs4 <--> windows acls.
> >
> > Scenario
> >  Samba4 share --> cifs --> win7. No problem
> >  Samba4 share --> nfs4 --> Linux. acls not inherited
> > Neither is there inheritance vica versa.
> >
> >  e.g. It is not possible to create files with group rw on a umask 0022
> > nfs4 share. nfs4_setfacl cannot override umask. Using POSIX or windows
> > acls this works fine. I've approached the nfs4 devs and they've said
> > that they'll look into it, but so far. Exporting nfs4 with -o noacl
> > (in the hope that the windows acl would take effect) has no effect.
> >
> > 1. Is it possible to get Samba to override the nfs4 acl and use
> > whatever I've set on windows security acl instead?
> > 2. Is there a way to export a single directory with a umask of my choice?
> > 3. Would it be reasonable to ask my distro (openSUSE) to consider this
> > problem as a feature request? Perhaps as a patch over nfs4_setfacl?
> > Thanks,
> > L & S at lcb
> >
> IMHO Samba4 sets the windows (non posix) acls as extended attributes. In
> order to get them applied o the Linux (or NFS4) side there should be a
> Linux kernel security module (LSM) which would override the posix acls.

If RichACLs gets adopted (I'm assuming this will be the
same model as NFSv4) then we'll just add a Samba VFS
module to map incoming Windows ACLs to RichACLs.

Jeremy.


More information about the samba mailing list