[Samba] vfs_zfsacl in debian samba repo

Piotr Maksymiuk movikun at gmail.com
Sat Jan 16 00:28:25 UTC 2021


Ah, thanks for the tip. It isn't inherit acls = true, as I already had that, and the behaviour is desirable for me. What makes the difference is force unknown acl user = true. But I don't really understand how can I make it work. Looks to me I have to somehow make mapping from fruit SIDs to unix gids? Any hints on what I'm missing?

> On 15 Jan 2021, at 20:31, Jeremy Allison <jra at samba.org> wrote:
> 
> On Fri, Jan 15, 2021 at 04:42:24PM +0100, Piotr Maksymiuk via samba wrote:
>> Actually ignore that request. I read more into the code and I don't care about nfsv4acl, all my datasets use posix acls. I was trying to replicate how this behaves on truenas, but it may be more than a missing vfs. In fact they use some custom-made modules[1] specifically for that purpose. Maybe with the advent of TrueNAS Scale and it's usage of ZOL, they'll submit some stuff upstream
>> 
>> That said, there's still the issue of vfs_acl_xattr.
>> The moment i turn it on, samba stops respecting the the setgid flag, and creates files/directories with the primary group of the user. Is that the intended behaviour? (The clients are MacOS 11)
> 
> I think the "inherit acls = true" is what does this.
> It's incompatible with the setgid setting on directories.
> 
>        /* Ensure we have the parameters correct if we're
>         * using this module. */
>        DEBUG(2,("connect_acl_xattr: setting 'inherit acls = true' "
>                "'dos filemode = true' and "
>                "'force unknown acl user = true' for service %s\n",
>                service ));
> 
>        lp_do_parameter(SNUM(handle->conn), "inherit acls", "true");
> 




More information about the samba mailing list