[Samba] ACL on ZFS
Maximilian Kirchner
max.kirchner at gmail.com
Thu Nov 10 11:00:28 UTC 2016
My server is running 4.5.1 on Ubuntu 16.04, most of the shares are located
on a zfs raid. Some of the added profiles are now getting corrupted and
cannot log in anymore due to some files in the profile share not being
accessible.
After searching online I found two solutions:
a) setting aclmode=passthrough, aclinherit=passthrough on the zfs volume
b) using nt4 acl mode and the vfs_zfsacl module on samba
When I added some code I found online last time I fucked up badly so I
would like some input if what I found is correct or if using zfs would be a
very bad idea from the beginning.
My current smb.conf reads as follows (without any editing for vfs_zfsacl):
[global]
netbios name = SRV
realm = SMB.WIE
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = SMB
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
interfaces = bond0:0
bind interfaces only = yes
winbind enum users = Yes
winbind enum groups = Yes
winbind refresh tickets = Yes
winbind nested groups = No
logon script = logon.bat
log file = /usr/local/samba/logs/log.%m
log level = 3
...
[Profiles]
path = /ssds/samba/Profiles/
read only = no
store dos attributes = Yes
create mask = 0600
directory mask = 0700
profile acls = yes
csc policy = disable
...
What I would add to the Profiles-Share is:
## Enable the zfsacl module for this share
vfs objects = zfsacl
nfs4:mode = special
## Merge duplicate ACEs
nfs4:acedup = merge
## Enable changing owner and group
nfs4:chown = yes
map acl inherit = yes
And to the global settings:
## Store DOS attributes in extended attributes (no mapping)
map hidden = no
map system = no
map archive = no
map readonly = no
store dos attributes = yes
## Extended attributes
ea support = yes