[Samba] question about "ignore system acls"

Alex Chu alex_chu at ezcloudtech.com
Fri May 17 02:14:54 MDT 2013


Hi,

Recently I'm trying Samba over Ceph (kernel client) mount. I encounter 
error when I add permission to file/directory for an additional user 
from Windows Explorer. Since Ceph does not support posix ACL operation 
for now, I was thinking that vfs_acl_xattr/vfs_acl_tdb with option 
"ignore system acls = yes" can workaround this issue but fail. From the 
man page of vfs_acl_xattr:

When set to yes, a best effort mapping from/to the POSIX ACL layer will 
not be done by this module. The default is no, which means that Samba 
keeps setting and evaluating both the system ACLs and the NT ACLs. This 
is better if you need your system ACLs be set for local or NFS file 
access, too. If you only access the data via Samba you might set this to 
yes to achieve better NT ACL compatibility.

 From the description, I thought if I set it to yes it will skip/ignore 
the setting of system ACL and only store NT ACL in xattr. However, the 
error still appear in Samba log:

acl_set_file failed: Operation not supported

even after I set it to yes. Following is my share definition:

[test]
vfs objects = acl_xattr
acl_xattr: ignore system acls = yes
available = yes
path = /mnt/ceph/test
browseable = yes
read only = no
guest ok = no
create mask = 0644
directory mask = 0755
valid users =

Can someone tell me what I had done wrong? Did I misunderstand the 
option or my configuration is in incorrect format? Thanks a lot!

BTW, I'm using version 3.6.3 on Ubuntu Precise.

Best regards,
Alex



More information about the samba mailing list