[Samba] Samba on ZFS

Ralph Boehme slow at samba.org
Wed Jan 12 14:07:05 UTC 2022

On 1/12/22 14:44, Patrick Goetz via samba wrote:
> I'm about to deploy a Samba fileserver where the underlying filesystem 
> on the data partition is ZFS, and someone on the zfsonlinux list got me 
> worried that there might be some problems with doing this (e.g. 
> particularly when it comes to extended POSIX ACLs, which I use heavily).
> This lead me to this page:
> https://www.samba.org/samba/docs/current/man-html/vfs_zfsacl.8.html
> where I saw this:  "This module follows the posix-acl behaviour and 
> hence allows permission stealing via chown."

you can just ignore the zfsacl VFS module, see below.

> I have no idea what permission stealing is, and when I tried to google 
> it, I just got references to this man page.
> Also, this "This module makes use of the smb.conf parameter acl map full 
> control = acl map full control. When set to yes ..."
> acl map full control = acl map full control ?
> Is that a typo?  I would expect to see, for example
> acl map full control = yes
> or something like this.
> Finally, am I going to run into extended ACL issues by Samba sharing ZFS 
> datasets?

no, it should work afaict. Just beware that afair ZFS on Linux doesn't 
support NFSv4 ACLs, just POSIX ACLs. As Samba will work with POSIX ACLs 
by default, other ACL flavours require loading a dedicated ZFS module, 
your setup should basically just work. But ff course, the devil's in the 
details, so you should do some decent researcg abd testing before 
deploying a production system. :)


Ralph Boehme, Samba Team                 https://samba.org/
SerNet Samba Team Lead      https://sernet.de/en/team-samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20220112/f10b061f/OpenPGP_signature.sig>

More information about the samba mailing list