[Samba] Using Access Control Lists with SMB2/SMB3 Mounts on Linux Clients

Kraus, Sebastian sebastian.kraus at tu-berlin.de
Wed Feb 27 01:26:10 UTC 2019

Dear Jeremy,
thanks for your instant reply. :-)
Along with Linux native getfacl/fetfacl, I also tested getcifsacl/setcifsacl (for sure thoroughly ;-)).
Unfortunately, these CIFS client tools seem to have been designed as part of the "old" CIFS 
Unix Extensions, working only for SMB/CIFS mounts, and are not supposed to work with 
SMB2/SMB3 mounts, as I guess.
During my tests, the getcifsacl utility fails on SMB2/SMB3 mounts always with an xattr error:

xxx:~# getcifsacl /media/testmount/yyy 
getxattr error: 95

I am working on Debian stable boxes. I also tested with Debian testing and an actual Fedora Kernel, 
but whithout any noticable change regarding the behaviour of getcifsacl/setcifsacl on SMB2/SMB3 
mounts. The most striking difference between SMB/CIFS and SMB2/SMB3 mounts consists in the
fact that the client and the server seem to agree on the mount flag "nounix" or the Kernel cifs client 
sets this flag automatically. On the other hand, SMB/CIFS mounts do not set this flag and CIFS ACL
are usable with SMB/CIFS mounts in the same sense.

Thanks for all your hints and best

Sebastian Kraus
Team IT am Institut für Chemie
Gebäude C, Straße des 17. Juni 115, Raum C7

Technische Universität Berlin
Fakultät II
Institut für Chemie
Sekretariat C3
Straße des 17. Juni 135
10623 Berlin

Tel.: +49 30 314 22263
Fax: +49 30 314 29309
Email: sebastian.kraus at tu-berlin.de

From: Jeremy Allison <jra at samba.org>
Sent: Wednesday, February 27, 2019 01:18
To: Kraus, Sebastian; samba at lists.samba.org
Subject: Re: [Samba] Using Access Control Lists with SMB2/SMB3 Mounts on Linux Clients

On Tue, Feb 26, 2019 at 09:03:41AM -0800, Jeremy Allison via samba wrote:
> Check out the latest cifsfs code. I think Steve
> and Aurelian and Ronnie added an ioctl for this.
> I'm here at Vault in Boston with Steve, I'll ask
> him :-).

Steve says there are two utilities in Linux,
getcifsacl and setcifsacl that use a custom
ioctl inside the Linux cifsfs kernel client
to get/set SMB acls.

More information about the samba mailing list