[Samba] Using Access Control Lists with SMB2/SMB3 Mounts on Linux Clients
Kraus, Sebastian
sebastian.kraus at tu-berlin.de
Wed Feb 27 01:26:10 UTC 2019
Dear Jeremy,
thanks for your instant reply. :-)
Along with Linux native getfacl/fetfacl, I also tested getcifsacl/setcifsacl (for sure thoroughly ;-)).
Unfortunately, these CIFS client tools seem to have been designed as part of the "old" CIFS
Unix Extensions, working only for SMB/CIFS mounts, and are not supposed to work with
SMB2/SMB3 mounts, as I guess.
During my tests, the getcifsacl utility fails on SMB2/SMB3 mounts always with an xattr error:
xxx:~# getcifsacl /media/testmount/yyy
getxattr error: 95
REVISION:0x0
CONTROL:0x0
I am working on Debian stable boxes. I also tested with Debian testing and an actual Fedora Kernel,
but whithout any noticable change regarding the behaviour of getcifsacl/setcifsacl on SMB2/SMB3
mounts. The most striking difference between SMB/CIFS and SMB2/SMB3 mounts consists in the
fact that the client and the server seem to agree on the mount flag "nounix" or the Kernel cifs client
sets this flag automatically. On the other hand, SMB/CIFS mounts do not set this flag and CIFS ACL
are usable with SMB/CIFS mounts in the same sense.
Thanks for all your hints and best
Sebastian
Sebastian Kraus
Team IT am Institut für Chemie
Gebäude C, Straße des 17. Juni 115, Raum C7
Technische Universität Berlin
Fakultät II
Institut für Chemie
Sekretariat C3
Straße des 17. Juni 135
10623 Berlin
Tel.: +49 30 314 22263
Fax: +49 30 314 29309
Email: sebastian.kraus at tu-berlin.de
________________________________________
From: Jeremy Allison <jra at samba.org>
Sent: Wednesday, February 27, 2019 01:18
To: Kraus, Sebastian; samba at lists.samba.org
Subject: Re: [Samba] Using Access Control Lists with SMB2/SMB3 Mounts on Linux Clients
On Tue, Feb 26, 2019 at 09:03:41AM -0800, Jeremy Allison via samba wrote:
>
> Check out the latest cifsfs code. I think Steve
> and Aurelian and Ronnie added an ioctl for this.
>
> I'm here at Vault in Boston with Steve, I'll ask
> him :-).
Steve says there are two utilities in Linux,
getcifsacl and setcifsacl that use a custom
ioctl inside the Linux cifsfs kernel client
to get/set SMB acls.
More information about the samba
mailing list