Am 2/5/21 um 4:30 PM schrieb Thomas Geppert:> On 05/02/2021 14:07, Rowland penny via samba wrote:
>>> The provisioning and the nfs options given in the provisioning,
>>> thats the pain point.
>> They are the way the OP is trying to get something that shouldn't
>> work, to work.
>
> GUILTY ! I have to confess.
:)
> However, I must say that I don't understand why it shouldn't work.
> I'm relatively new to Samba but my understanding is that both vfs
> modules, acl_xattr and nfs4acl, are perfectly capable of storing
> NTACLs lossless. Nevertheless, using the nfs4acl vfs module does not
> provide the same functionality as using the acl_xattr vfs module.
It does provide the same functionality. There may be subtle differences,
but both basically provide a grossly Windows ACL compatible backing store.
> I did some research but without the background of 30 years of
> development that went into the product I'm a little bit lost at some
> points.
>
> - Why are POSIX ACLs required at all during provisioning when NTACLs
> are available ?
They aren't.
> - Why does the nfs4acl module intentionally mask the POSIX ACL calls
> and doesn't pass them down the stack or implement them the same way
> as the acl_xattr module ?
By design. The POSIX ACL VFS functions only get called indirectly by the
Windows ACL VFS functions if any module implementing the latter calls
into the former. vfs_nfs4acl doesn't do this and acl_xattr only does it
to provide consistency wrt to storing the Windows ACL in an xattr and a
mapped POSIX ACL in the filesystem (though this can be disabled by
config). There are more subtleties but that is the basic logic.
Samba AD DC is a complex beast and bending it do will can require deep
knowledge of the full stack and possibly a lot of time. :)
Cheers!
-slow
--
Ralph Boehme, Samba Team samba.org
Samba Developer, SerNet GmbH sernet.de/en/samba
GPG-Fingerprint FAE2C6088A24252051C559E4AA1E9B7126399E46
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL:
<lists.samba.org/pipermail/samba/attachments/20210205/36c2b940/OpenPGP_signature.sig>