[Samba] windows and nfs4 acls

steve steve at steve-ss.com
Wed Feb 29 14:28:53 MST 2012

On 02/28/2012 06:45 PM, Jeremy Allison wrote:
> On Tue, Feb 28, 2012 at 06:37:21PM +0100, Gémes Géza wrote:
>> On 2012-02-28 08:27, steve wrote:
>>> Hi everyone
>>> We're really struggling with nfs4 <--> windows acls.
>>> Scenario
>>>   Samba4 share --> cifs --> win7. No problem
>>>   Samba4 share --> nfs4 --> Linux. acls not inherited
>>> Neither is there inheritance vice versa.
>>>   e.g. It is not possible to create files with group rw on a umask 0022
>>> nfs4 share. nfs4_setfacl cannot override umask. Using POSIX or windows
>>> acls this works fine. I've approached the nfs4 devs and they've said
>>> that they'll look into it, but so far. Exporting nfs4 with -o noacl
>>> (in the hope that the windows acl would take effect) has no effect.
>>> 1. Is it possible to get Samba to override the nfs4 acl and use
>>> whatever I've set on windows security acl instead?
>>> 2. Is there a way to export a single directory with a umask of my choice?
>>> 3. Would it be reasonable to ask my distro (openSUSE) to consider this
>>> problem as a feature request? Perhaps as a patch over nfs4_setfacl?
>>> Thanks,
>>> L&  S at lcb
>> IMHO Samba4 sets the windows (non posix) acls as extended attributes. In
>> order to get them applied on the Linux (or NFS4) side there should be a
>> Linux kernel security module (LSM) which would override the posix acls.
> If RichACLs gets adopted (I'm assuming this will be the
> same model as NFSv4) then we'll just add a Samba VFS
> module to map incoming Windows ACLs to RichACLs.
> Jeremy.
Hi everyone

This really is a hopeless situation at the moment. The nfs devs have 
suggested I switch from the secure nfs4 to nfs3 so I can use posix acls. 
This does not work however. I use setfacl on a folder. As soon as it is 
mounted nfs3 (or 4) the acl is lost. openSUSE and Ubuntu alike.

The devs of the various filesystems seem to be working in isolation. We 
feel trapped and can't see a way out. I wonder if this is due to us 
asking poor questions? Could I simplify?

We want a folder where files are created group rw from a base filesystem:
ext4 (rw,noatime,commit=120,errors=remount-ro,user_xattr,commit=0)

Samba4 <--> Win7 acl=OK
The same Samba4 server internal posix acl on ext4 acl=OK
The same folder on the same server mounted nfs acl=destroyed

Have I overlooked anything here?

Thanks for your time,

