Ken McDonald
2018-Mar-19 04:16 UTC
[Samba] Dealing with permission inheritance for CIFS Windows and NFS Linux clients accessing same data
How can I best handle file & directory permissions & inheritance when accessing the same data on a remote server from Windows clients through a CIFS share and Linux clients through an NFS export? I have Samba AD working and I believe Winbind is working because when I check permissions from the command line, whether locally on the server or a remote Linux client, with ls, getfacl, getfattr, nfs4_getfacl, or nfs4_getfattr, I can see Samba AD usernames and groups. For example: 1) I set permissions from a remote Windows client on a remote top-level directory (mapped through CIFS to a server share) 2) If on the Windows client, I create subdirectories & files, the inherited permissions ARE the same as the top-level (inherited correctly as expected) 3) But if on a remote Linux Mint client (with a local directory mounted from a remote NFS4 export on the server -- same directory as CIFS share), I create subdirectories & files, the inherited permissions are NOT the same as the top-level Is it even possible to get relatively the same inheritance behavior from CIFS & NFS4 accessing the same data? This is the top-level directory https://i.imgur.com/dLgfoS8.png Good perms inherited by Windows-made CIFS file https://i.imgur.com/ls9jcZy.png Bad perms inherited by Linux-made NFS4 file https://i.imgur.com/c8LXxOA.png
Stefan Kania
2018-Mar-19 08:05 UTC
[Samba] Dealing with permission inheritance for CIFS Windows and NFS Linux clients accessing same data
Why don't you use CIFS for the Linux-Client? Take a look at pam_mount. I think it's the better solution Stefan Am 19.03.18 um 05:16 schrieb Ken McDonald via samba:> How can I best handle file & directory permissions & inheritance when > accessing the same data on a remote server from Windows clients > through a CIFS share and Linux clients through an NFS export? > > I have Samba AD working and I believe Winbind is working because when > I check permissions from the command line, whether locally on the > server or a remote Linux client, with ls, getfacl, getfattr, > nfs4_getfacl, or nfs4_getfattr, I can see Samba AD usernames and groups. > > For example: > > 1) I set permissions from a remote Windows client on a remote > top-level directory (mapped through CIFS to a server share) > > 2) If on the Windows client, I create subdirectories & files, the > inherited permissions ARE the same as the top-level (inherited > correctly as expected) > > 3) But if on a remote Linux Mint client (with a local directory > mounted from a remote NFS4 export on the server -- same directory as > CIFS share), I create subdirectories & files, the inherited > permissions are NOT the same as the top-level > > Is it even possible to get relatively the same inheritance behavior > from CIFS & NFS4 accessing the same data? > > This is the top-level directory > https://i.imgur.com/dLgfoS8.png > Good perms inherited by Windows-made CIFS file > https://i.imgur.com/ls9jcZy.png > Bad perms inherited by Linux-made NFS4 file > https://i.imgur.com/c8LXxOA.png >-- Stefan Kania Landweg 13 25693 St. Michaelisdonn Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre E-Mail. Weiter Informationen unter http://www.gnupg.org Mein Schlüssel liegt auf hkp://subkeys.pgp.net -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20180319/adeb013e/signature.sig>