[Samba] Is "vfs objects = acl_tdb" allowed?
Steffen Dettmer
steffen.dettmer+samba at gmail.com
Sat Jan 14 22:31:42 UTC 2023
Hi,
I had issues using"vfs objects = acl_xattr" (possibly too old version
[Version 4.13.13-Debian] for the needed "acl_xattr:security_acl_name =
user.samba" option needed if running in a non-priv container). So I
tried "vfs objects = acl_tdb" and found it working.
In https://wiki.samba.org/index.php/File_System_Support I found:
File systems without xattr support
Note: This is not recommended!!!
If you don't have a filesystem with xattr support, you can simulate it
by adding the following line to your smb.conf:
posix:eadb = /usr/local/samba/private/eadb.tdb
This will place all extra file attributes (NT ACLs, DOS EAs,
streams, etc), in that tdb.
Note: This way it is not efficient and doesn't scale well.
That's why it shouldn't be used in production!
This seems to be very similar to "vfs objects = acl_xattr" (which uses
/var/lib/samba/file_ntacls.tdb, so probably the same technology).
Is it a problem to use "vfs objects = acl_tdb" in production? Or would
it just cost a few percent performance? I have 4TB (8,168,443 files,
took ~2hr to count) spinning storage, dimensioned for 20TB. I could
assing a few more cores or a bit more RAM if it helps.
Steffen
More information about the samba
mailing list