[Samba] Again on NT ACLs and Samba re-share of NFS or SMB mount
g.danti at assyoma.it
Thu Jul 31 01:24:58 MDT 2014
I spent the past days reading the mailing list archive, but still I have
some questions to ask. Moreover, a detailed report of what I attempted
can be useful for others.
Goal: having a remote SMB or NFS share, mount it locally and re-share it
using SAMBA. The remote SMB/NFS share will _not_ be directly used by
users; it will be used only through the local samba "proxy". NT ACLs
should be preserved as close as possible.
Software version: both machine runs CentOS 6.5 X86_64, with kernel
2.32.x and samba version 3.6.x
I evaluated the following possibilities:
1) use mount.cifs with root user to mount the remote share locally, then
re-export it via Samba.
PRO: use of the same protocol (SMB); support for POSIX ACLs
CONS: when creating some files using a Windows client connecting to the
Samba server, the file's owner is not set correctly as all new files are
owned by root and not by the Windows user.
QUESTION 1: It is possible to use a CIFS mount and correctly assing
owners to new files? Why it does not work? I am missing something?
2) use mount.nfs4 (NFS vers. 4) to mount the remote share (via NFS of
course), the re-export it via Samba.
PRO: NFSv4 has excellent performances; NFV4 ACLs support
CONS: no POSIX ACLs support; no USER_XATTR support
QUESTION 2: the missing POSIX ACLs support prevents to replicate NT ACLs
and at the same time the missing USER_XATTR prevents to use the
security.NTACL EA to store ACLs. On the mailing list I read about a
NFSv4 VFS module. However, I can not find it anywhere. It is still
developped? Can samba use NFSv4 ACLs?
3) use mount.nfs ver. 3 to mount the remote share (via NFS of course),
the re-export it via Samba.
PRO: NFSv3 supports POSIX ACLs
CONS: two different protocols to use/configure, I need to disable strict
locking in Samba configuration, NFSv3 is an old protocol nowadays.
QUESTION3: using the NFS share via Samba _only_ (even with strict
locking=no) is a reasonable setup or I can expect data corruption? The
NFS share will _never_ accessed directly.
4) use iSCSI (or similar protocol) to export the remote disk using a
low-level protocol and mount it locally on the samba server.
PRO: the server directly mounts an EXT4 filesystem, with POSIX ACLs and
USER_XATTR (enabling perfect store of Windows ACLs)
CONS: it effectively "stole" the disk from the remote server;
potentially lower performance (?)
QUESTION 4: anyone used samba via iSCSI? Did you have good performance?
My current testing setup is using proposal n.3 - NFSv3
I both have good performance and good ACLs mapping, but I'm open to
Thank you all.
Assyoma S.r.l. - www.assyoma.it
email: g.danti at assyoma.it - info at assyoma.it
GPG public key ID: FF5F32A8
More information about the samba