[Samba] Is "vfs objects = acl_tdb" allowed?
Michael Tokarev
mjt at tls.msk.ru
Sun Jan 15 07:27:46 UTC 2023
15.01.2023 01:31, Steffen Dettmer via samba wrote:
> Hi,
>
> I had issues using"vfs objects = acl_xattr" (possibly too old version
> [Version 4.13.13-Debian] for the needed "acl_xattr:security_acl_name =
> user.samba" option needed if running in a non-priv container). So I
> tried "vfs objects = acl_tdb" and found it working.
Samba in debian bullseye is quite old indeed, and have numerous other
issues.
> In https://wiki.samba.org/index.php/File_System_Support I found:
>
> File systems without xattr support
> Note: This is not recommended!!!
>
> If you don't have a filesystem with xattr support, you can simulate it
> by adding the following line to your smb.conf:
> posix:eadb = /usr/local/samba/private/eadb.tdb
> This will place all extra file attributes (NT ACLs, DOS EAs,
> streams, etc), in that tdb.
> Note: This way it is not efficient and doesn't scale well.
> That's why it shouldn't be used in production!
>
> This seems to be very similar to "vfs objects = acl_xattr" (which uses
> /var/lib/samba/file_ntacls.tdb, so probably the same technology).
acl_xattr does not use a tdb file (read the manpage for it, vfs_acl_xattr).
This wiki page talks about posix_eadb vfs module (there seems to be no
manual page for it though).
> Is it a problem to use "vfs objects = acl_tdb" in production? Or would
vfs_acl_tdb is used in samba testsuite quite heavily and "should" work.
Given the results in your other email, it does not work for you with
the debian bullseye build of samba 4.13. It might be due to your
attempt to stack posix_eadb with it, or something else entirely.
Please try with current samba version (bullseye-backports has 4.17.4).
For the backtrace in gdb to be useful, you need to have the dbgsym
packages for samba. gdb should be able to download the debug symbols
automatically from the debian archive, but it is not doing this in
your case (maybe due to local firewall maybe due to something else).
Please enable dbgsym packages and install samba-libs-dbgsym,
samba-dbgsym and samba-vfs-modules-dbgsym packages at least, - this
will help gdb to get useful backtrace (see, for example,
https://wiki.debian.org/HowToGetABacktrace for detail)
/mjt
More information about the samba
mailing list