samba - Feb 2019 - Using Access Control Lists with SMB2/SMB3 Mounts on Linux Clients

Dear all,
what is about the support for POSIX ACL in Samba protocol implementation of SMB2
and SMB3?
>From what I extracted from SNIA and SambaXP developer conference talks and
as well as the official Samba Wiki,
support for POSIX ACL in SMB2 and SMB3 has been completely abandonned. Am I
right?
If so, is there any other possibility to allow Linux Clients to natively access
access control lists
(via NT Security Descriptor, NFSv4 ACL, CIFS ACL) under SMB2/SMB3 on commandline
and/or from GUI applications?

We are planning to switch our production environment from NFSv4 shares to SMB
shares. This is the first time
we are getting in contact with the semantics of accessing and mounting SMB
shares on Linux Clients.
Any advice is welcome.


Thanks and Best
Sebastian


Sebastian Kraus

Technische Universität Berlin
Fakultät II
Institut für Chemie
Sekretariat C3
Straße des 17. Juni 135
10623 Berlin

Email: sebastian.kraus at tu-berlin.de

On Tue, Feb 26, 2019 at 03:05:12PM +0000, Kraus, Sebastian via samba
wrote:
> Dear all,
> what is about the support for POSIX ACL in Samba protocol implementation of
SMB2 and SMB3?
> From what I extracted from SNIA and SambaXP developer conference talks and
as well as the official Samba Wiki,
> support for POSIX ACL in SMB2 and SMB3 has been completely abandonned. Am I
right?
Yes. We're not planning to allow direct POSIX ACL access
in SMB2+.
> If so, is there any other possibility to allow Linux Clients to natively
access access control lists
> (via NT Security Descriptor, NFSv4 ACL, CIFS ACL) under SMB2/SMB3 on
commandline and/or from GUI applications?
smbcacls is the command line tool to do this against
an SMB server.

Thanks for the first reply, Jeremy.
What about the (future) implementation of RichACL?
Will there be any native Linux Client support along with the SMB2/SMB3 protocol?
I know, there is a native implemenation for RichACLs in ext4 FS.
Unfortunately, smbcals is not a native Linux ACL Tool and has a very unhandy
syntax.
I just tested some days ago. ;-)
I am looking for a solution that allows the Linux Client to access the ACL via
getfacl/setfacl, if
anyhow possible.

Thanks for your suggestions.

Best
Sebastian


Sebastian Kraus
Team IT am Institut für Chemie
Gebäude C, Straße des 17. Juni 115, Raum C7

Technische Universität Berlin
Fakultät II
Institut für Chemie
Sekretariat C3
Straße des 17. Juni 135
10623 Berlin


Tel.: +49 30 314 22263
Fax: +49 30 314 29309
Email: sebastian.kraus at tu-berlin.de


________________________________________
From: Jeremy Allison <jra at samba.org>
Sent: Tuesday, February 26, 2019 17:03
To: Kraus, Sebastian
Cc: samba at lists.samba.org
Subject: Re: [Samba] Using Access Control Lists with SMB2/SMB3 Mounts on Linux
Clients

On Tue, Feb 26, 2019 at 03:05:12PM +0000, Kraus, Sebastian via samba
wrote:
> Dear all,
> what is about the support for POSIX ACL in Samba protocol implementation of
SMB2 and SMB3?
> From what I extracted from SNIA and SambaXP developer conference talks and
as well as the official Samba Wiki,
> support for POSIX ACL in SMB2 and SMB3 has been completely abandonned. Am I
right?
Yes. We're not planning to allow direct POSIX ACL access
in SMB2+.
> If so, is there any other possibility to allow Linux Clients to natively
access access control lists
> (via NT Security Descriptor, NFSv4 ACL, CIFS ACL) under SMB2/SMB3 on
commandline and/or from GUI applications?
smbcacls is the command line tool to do this against
an SMB server.