[Samba] NTFS ACL on database and vfs_acl_tdb

Volker Lendecke Volker.Lendecke at SerNet.DE
Sat Mar 19 09:20:15 UTC 2016


On Fri, Mar 18, 2016 at 10:08:42AM -0700, Jeremy Allison wrote:
> On Wed, Mar 16, 2016 at 11:13:12AM +0100, Matteo Maretto wrote:
> > Hi,
> > we are migrating our fileserver from an old Novell NetWare system to
> > a Samba4 system. With NetWare all ACL were stored in a database, so
> > that it was possible to quickly find which files one user or group
> > had access to.
> > I'm investigating the possibility of writing ntfs ACL on a database
> > with samba. The module vfs_acl_tdb is able to do this, but values
> > are hashed so that the db is not queryable.
> > Does anyone know of a way to achieve this?
> 
> Hmmm. tdb is merely a key/value lookup store. Queries on non-keys
> have to be done by traversing the whole db I'm afraid.
> 
> You could always change to a sqlite backend if you needed more
> indexes.
> 
> > I've had a look at the code of the vfs_acl_tdb module and, from what
> > I understood, the ACL are written both on a tdb and on the
> > filesystem.
> > What's the behaviour of the module then?
> > When I use a software like icacls, to backup ACL, it looks like
> > samba is reading from the filesystem, because it takes a long time.
> > But when I try to browse a directory with thousands of files, access
> > is instantaneous. This makes me suppose samba is using the tdb.
> > Am I correct?
> 
> Depends on what icacls actually does.

The Novell ACL semantics iirc are vastly different from
ntfs, posix or nfsv4 acls. How do you want to map those?

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
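
The contrast drawn in the thread between a key/value store and a database with additional indexes, as an added example that is not part of the original messages and not Samba code: it indexes the explicit DACL entries of security descriptors by trustee SID in SQLite, so "which paths name this SID" becomes an indexed lookup instead of a full traversal. It assumes the descriptors have already been exported as SDDL text; the paths, SIDs, table layout and function names are constructed for illustration, and this is not the storage format of vfs_acl_tdb.

```python
import re
import sqlite3

# Constructed sample data: path -> security descriptor in SDDL text form.
SAMPLE = {
    "/srv/share/finance/q1.xlsx":
        "O:S-1-5-21-1-2-3-1001G:S-1-5-21-1-2-3-513D:PAI"
        "(A;;0x001f01ff;;;S-1-5-21-1-2-3-1001)(A;;0x001200a9;;;S-1-5-21-1-2-3-2001)",
    "/srv/share/hr/salaries.ods":
        "O:S-1-5-21-1-2-3-1002G:S-1-5-21-1-2-3-513D:"
        "(D;;0x001f01ff;;;S-1-5-21-1-2-3-2001)(A;;FA;;;S-1-5-21-1-2-3-1002)",
    "/srv/share/public/readme.txt":
        "O:S-1-5-21-1-2-3-1001G:S-1-5-21-1-2-3-513D:(A;;FR;;;S-1-5-21-1-2-3-2001)"
        "S:(AU;SA;FA;;;WD)",
}
# SDDL two-letter file rights and their access masks (only these four are handled).
FILE_RIGHTS = {"FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0}

def parse_mask(rights):
    """Turn the rights field of an ACE (hex or FA/FR/FW/FX codes) into an int mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= FILE_RIGHTS[rights[i:i + 2]]  # KeyError for codes outside the table
    return mask

def dacl_aces(sddl):
    """Yield (type, flags, mask, trustee) per DACL ACE; the SACL after 'S:' is skipped."""
    m = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    if not m:
        return
    for ace in re.findall(r"\(([^()]*)\)", m.group(1)):
        ace_type, flags, rights, _obj, _inh, trustee = ace.split(";")[:6]
        yield ace_type, flags, parse_mask(rights), trustee

def build_index(descriptors):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ace (path TEXT, type TEXT, flags TEXT,"
               " mask INTEGER, trustee TEXT)")
    db.execute("CREATE INDEX ace_by_trustee ON ace (trustee, type)")
    for path, sddl in descriptors.items():
        db.executemany("INSERT INTO ace VALUES (?, ?, ?, ?, ?)",
                       [(path, t, f, m, sid) for t, f, m, sid in dacl_aces(sddl)])
    return db

def paths_for_trustee(db, sid, ace_type="A", mask=0):
    """Paths with an ACE of ace_type for sid that includes every bit in mask."""
    rows = db.execute("SELECT DISTINCT path FROM ace WHERE trustee = ? AND type = ?"
                      " AND (mask & ?) = ? ORDER BY path", (sid, ace_type, mask, mask))
    return [r[0] for r in rows]
```

The result lists explicit ACEs only; effective access also depends on group membership and on deny entries, which an audit query would have to combine.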
