[Samba] ACL problem with Samba > 3.4.x on GPFS

Jonathan Buzzard jonathan at buzzard.me.uk
Thu Feb 21 04:24:09 MST 2013


On Mon, 2013-02-18 at 13:52 +0100, Alexander Födisch wrote:
> When a file is created with samba 3.5.x or 3.6.x, it is created effective read-only:
> 
> ~ # getfacl Microsoft\ Word-Dokument\ \(neu\).docx
> # file: Microsoft\040Word-Dokument\040(neu).docx
> # owner: root
> # group: 11816
> user::rwx
> user:11582:rwx            #effective:r--
> group::rwx                    #effective:r--
> mask::r--
> other::---
> 
> 
> The ACL-settings for the parent directory are ok:
> 
> ~ # getfacl .
> # file: .
> # owner: root
> # group: 11816
> user::rwx
> user:11582:rwx
> group::rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:11582:rwx
> default:group::rwx
> default:mask::rwx
> default:other::---
> 

I strongly recommend that you stop using system ACL tools to look at
GPFS ACL's and use the vendor provided mmgetacl, mmputacl and mmeditacl
to manipulate them.

You don't mention whether you are using the vfs_gpfs module, or why you
are using Posix ACL's rather than NFSv4 ACL's. That latter makes much
more sense.

All that said are you running into the Office 2007 upwards feature where
if you modify a document created by user A by user B, then user B ends
up with read-only permissions on the document. The fix I deployed was to
use the following options so that vfs_gpfs was storing DOS attributes in
the file system itself.

	ea support = yes
	store dos attributes = yes
	map readonly = no
	map archive = no
	map system = no
	gpfs : winattr = yes

Note that this was with an NFSv4 only GPFS file system.

JAB.

-- 
Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.



More information about the samba mailing list