[Samba] NFS4 ACLs with samba 3 (or 4)

[Volker Lendecke]

On Wed, Mar 18, 2015 at 01:17:34PM -0400, Kevin Taylor wrote:
> I know this was discussed a lot a few years ago, but my google searches aren't quite getting me where I'm confident in the answer, so I figure I'd just ask again here if that's ok.
> 
> Here's what we have, and what we'd like to do:
> 
> Storage is a Netapp (cluster mode CDOT 8.2 I believe), it's NFS exported to our linux system.
> 
> Linux system is CentOS 6 and can NFS mount the Netapp using version 4. NFSv3 doesn't support ACLs with Netapp, but NFSv4 does with the nfs4_setfacl and nfs4_getfacl commands.   
> 
> We'd like to share out the NFS mounted volume with samba, and retain the NFSv4 acl capability so that Windows users can set advanced permissions on the files.
> 
> 
> Is this possible? 
> 
> I've seen posts about the ZFS ability and the GPFS ability, but none of those are really what we're doing (I'm not sure why the backend would necessarily matter). Would one of the other vfs items work in this case? We're just NFS mounting onto the linux machine straight over TCP, nothing special like iscsi or custom drivers.

The problem is that there is no common API on Linux to read and modify
those NFSv4 ACLs. Both GPFS and possibly ZFS have their own idea how to
view and set NFSv4 ACLs, so every file system needs its own adapter.

I haven't recently followed the nfsv4 kernel client, so I don't know
what the API for that would be these days. Do you have any pointers there?

It should be moderate effort to adapt the relevant pieces from the GPFS
and NFSv4 pieces of the modules/ subdirectory.

Volker

> 
> 
> Thanks.
> 
> 
>  		 	   		  
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de