[Samba] Linux & NFSv4 ACLs

[Jeremy Allison]

On Thu, Dec 03, 2015 at 06:03:39PM -0700, Nick Couchman wrote:
> 
> > On Dec 3, 2015, at 17:24, Jeremy Allison <jra at samba.org> wrote:
> > 
> >> On Thu, Dec 03, 2015 at 03:54:21PM -0700, Nick Couchman wrote:
> >> I have a situation where I need to share, via Samba, a filesystem mounted via NFSv4.  I'm struggling with the best way to make Samba see the NFSv4 ACLs and enumerate them to provide the proper SMB/CIFS access to the files, instead of "Access Denied" errors that I currently get.
> >> 
> >> Looking at the Samba source, the only obvious NFSv4 stuff appears to be the following:
> >> - zfsacl, available only on Solaris or FreeBSD, which provides NFSv4 ACL support simply because that's what ZFS uses.  Don't see a way to use this on Linux.
> >> - gpfs, available only if you happen to have the GPFS code/headers installed (gpfs_gpl.h), and I cannot find an obvious place to get those, or if they are even freely-available.
> >> - aixacl/aixacl2, looks like it only works on AIX.
> >> 
> >> First, am I correct in the above findings - that there is no way to operate any of these three modules on Linux out of the box?  Second, am I missing something obvious related to NFSv4 ACLs on Linux, or is there some other VFS module somewhere that supports NFSv4 ACLs?
> >> 
> >> Also, no, it is not an option to mount the filesystems in question with NFSv3 + ACLs - due to NFS referrals, automatic mounting of sub-filesystems, etc., I really need it to use NFSv4.
> >> 
> >> Any advice?
> > 
> > How are the NFSv4 ACL exposed to Linux command-line
> > tools ? Are there such ?
> 
> Yeah, CentOS 7 has nfs4_getfacl and nfs4_setfacl.  Will send example output.

OK, what I need is access to the source code of
these to see how they're getting programatic
access to the ACL data.

Given that it shouldn't be too hard to adapt
source3/modules/vfs_nfs4acl_xattr.c to use the
underlying API these tools use.