Re: windows and nfs4 acls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

On 02/29/2012 10:28 PM, steve wrote:
On 02/28/2012 06:45 PM, Jeremy Allison wrote:
On Tue, Feb 28, 2012 at 06:37:21PM +0100, Gémes Géza wrote:
2012-02-28 08:27 keltezéssel, steve írta:
Hi everyone

We're really struggling with nfs4<-->  windows acls.

  Samba4 share -->  cifs -->  win7. No problem
  Samba4 share -->  nfs4 -->  Linux. acls not inherited
Neither is there inheritance vica versa.

e.g. It is not possible to create files with group rw on a umask 0022
nfs4 share. nfs4_setfacl cannot override umask. Using POSIX or windows
acls this works fine. I've approached the nfs4 devs and they've said
that they'll look into it, but so far. Exporting nfs4 with -o noacl
(in the hope that the windows acl would take effect) has no effect.

1. Is it possible to get Samba to override the nfs4 acl and use
whatever I've set on windows security acl instead?
2. Is there a way to export a single directory with a umask of my choice?
3. Would it be reasonable to ask my distro (openSUSE) to consider this
problem as a feature request? Perhaps as a patch over nfs4_setfacl?
L&  S at lcb

IMHO Samba4 sets the windows (non posix) acls as extended attributes. In
order to get them applied o the Linux (or NFS4) side there should be a
Linux kernel security module (LSM) which would override the posix acls.
If RichACLs gets adopted (I'm assuming this will be the
same model as NFSv4) then we'll just add a Samba VFS
module to map incoming Windows ACLs to RichACLs.

Hi everyone

This really is a hopeless situation at the moment. The nfs devs have suggested I switch from the secure nfs4 to nfs3 so I can use posix acls. This does not work however. I use setfacl on a folder. As soon as it is mounted nfs3 (or4) the acl is lost. openSUSE and Ubuntu alike.

The devs of the various filesystems seem to be working in isolation. We feel trapped and can't see a way out. I wonder if this is due to us asking poor questions? Could I simplify?

We want a folder where files are created group rw from a base filesystem:
ext4 (rw,noatime,commit=120,errors=remount-ro,user_xattr,commit=0)

Samba4 <--> Win7 acl=OK
The same Samba4 server internal posix acl on ext4 acl=OK
The same folder on the same server mounted nfs acl=destroyed

Have I overlooked anything here?

Thanks for your time,

Ironically, I've just noticed:
NTVFS backend 'xattr' registered
NTVFS backend 'nfs4acl' registered
from samba -i -d3

Does this mean anything to anyone?
To unsubscribe from this list go to the following URL and read the

[Linux]     [Info Cyrus]     [LARTC]     [Bugtraq]     [Netfilter]     [Internet Dating Forums]     [RAID]     [Yosemite News]     [Photography]

Add to Google Powered by Linux