[Samba] Samba and NFSv4 ACLs
Cang Household
canghousehold at aol.com
Sat Jul 13 01:58:31 UTC 2024
> Samba provides the "nfs4acl_xattr" vfs module precisely for that.
I am not an expert in Windows ACL, but where do you see that the
nfs4acl_xattr vfs module provides the support for "manage the ACLs on
the OS of the Samba host directly?"
From the Wiki page, https://wiki.samba.org/index.php/NFS4_ACL_overview,
it implies the following four operation modes are possible.
(1) Windows SMB Server with ACL, Linux cifs vfs kernel module, probably
meant mounting with -t cifs. This supports Windows ACL on mounted
filesystem on Linux.
(2) Windows NFSv4 Server with ACL. Linux nfsv4 client. This supports ACL
on mounted filesystem on Linux.
(3) Linux Samba Server with nfs4acl_xattr, Linux client with NFSv4
Client. The Windows ACL is supported via nfs4-acl-tools. This
manipulates the nfs4acl_xattr.
(4) Linux Samba Server with nfs4acl_xattr, Windows client. Windows ACL
is of course supported on Windows.
"Linux is the only one of the major Unix flavors that does not have any
native NFS4 ACL support upstream in the kernel yet." This is saying you
cannot use nfs4-acl-tools to manipulate non-VFS with nfs4acl_xattr,
because those attributes are not recognized and not enforced by Linux
kernel.
Then this sounds like it does not do what you want. But, like some VFS
maintainer, I do believe POSIX ACLs are adequate enough. Native file
permissions are very flexible with setuid and setgid bits. With
idmapping on AD integration (I would prefer sssd), this covers about 95%
of the usage cases.
More information about the samba
mailing list