On 02/28/2012 06:45 PM, Jeremy Allison wrote:
On Tue, Feb 28, 2012 at 06:37:21PM +0100, Gémes Géza wrote:2012-02-28 08:27 keltezéssel, steve írta:Hi everyone We're really struggling with nfs4<--> windows acls. Scenario Samba4 share --> cifs --> win7. No problem Samba4 share --> nfs4 --> Linux. acls not inherited Neither is there inheritance vica versa. e.g. It is not possible to create files with group rw on a umask 0022 nfs4 share. nfs4_setfacl cannot override umask. Using POSIX or windows acls this works fine. I've approached the nfs4 devs and they've said that they'll look into it, but so far. Exporting nfs4 with -o noacl (in the hope that the windows acl would take effect) has no effect. 1. Is it possible to get Samba to override the nfs4 acl and use whatever I've set on windows security acl instead? 2. Is there a way to export a single directory with a umask of my choice? 3. Would it be reasonable to ask my distro (openSUSE) to consider this problem as a feature request? Perhaps as a patch over nfs4_setfacl? Thanks, L& S at lcbIMHO Samba4 sets the windows (non posix) acls as extended attributes. In order to get them applied o the Linux (or NFS4) side there should be a Linux kernel security module (LSM) which would override the posix acls.If RichACLs gets adopted (I'm assuming this will be the same model as NFSv4) then we'll just add a Samba VFS module to map incoming Windows ACLs to RichACLs. Jeremy.
Hi everyoneThis really is a hopeless situation at the moment. The nfs devs have suggested I switch from the secure nfs4 to nfs3 so I can use posix acls. This does not work however. I use setfacl on a folder. As soon as it is mounted nfs3 (or4) the acl is lost. openSUSE and Ubuntu alike.
The devs of the various filesystems seem to be working in isolation. We feel trapped and can't see a way out. I wonder if this is due to us asking poor questions? Could I simplify?
We want a folder where files are created group rw from a base filesystem: ext4 (rw,noatime,commit=120,errors=remount-ro,user_xattr,commit=0) Samba4 <--> Win7 acl=OK The same Samba4 server internal posix acl on ext4 acl=OK The same folder on the same server mounted nfs acl=destroyed Have I overlooked anything here? Thanks for your time, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Linux] [Info Cyrus] [LARTC] [Bugtraq] [Netfilter] [Internet Dating Forums] [RAID] [Yosemite News] [Photography]