[Samba] Linux & NFSv4 ACLs
jra at samba.org
Fri Dec 4 01:13:51 UTC 2015
On Thu, Dec 03, 2015 at 06:03:39PM -0700, Nick Couchman wrote:
> > On Dec 3, 2015, at 17:24, Jeremy Allison <jra at samba.org> wrote:
> >> On Thu, Dec 03, 2015 at 03:54:21PM -0700, Nick Couchman wrote:
> >> I have a situation where I need to share, via Samba, a filesystem mounted via NFSv4. I'm struggling with the best way to make Samba see the NFSv4 ACLs and enumerate them to provide the proper SMB/CIFS access to the files, instead of "Access Denied" errors that I currently get.
> >> Looking at the Samba source, the only obvious NFSv4 stuff appears to be the following:
> >> - zfsacl, available only on Solaris or FreeBSD, which provides NFSv4 ACL support simply because that's what ZFS uses. Don't see a way to use this on Linux.
> >> - gpfs, available only if you happen to have the GPFS code/headers installed (gpfs_gpl.h), and I cannot find an obvious place to get those, or if they are even freely-available.
> >> - aixacl/aixacl2, looks like it only works on AIX.
> >> First, am I correct in the above findings - that there is no way to operate any of these three modules on Linux out of the box? Second, am I missing something obvious related to NFSv4 ACLs on Linux, or is there some other VFS module somewhere that supports NFSv4 ACLs?
> >> Also, no, it is not an option to mount the filesystems in question with NFSv3 + ACLs - due to NFS referrals, automatic mounting of sub-filesystems, etc., I really need it to use NFSv4.
> >> Any advice?
> > How are the NFSv4 ACL exposed to Linux command-line
> > tools ? Are there such ?
> Yeah, CentOS 7 has nfs4_getfacl and nfs4_setfacl. Will send example output.
OK, what I need is access to the source code of
these to see how they're getting programatic
access to the ACL data.
Given that it shouldn't be too hard to adapt
source3/modules/vfs_nfs4acl_xattr.c to use the
underlying API these tools use.
More information about the samba