Hi everyone

We're really struggling with nfs4 <--> windows acls.

Scenario
Samba4 share --> cifs --> win7. No problem
Samba4 share --> nfs4 --> Linux. acls not inherited
Neither is there inheritance vice versa.

e.g. It is not possible to create files with group rw on a umask 0022 nfs4 share. nfs4_setfacl cannot override umask. Using POSIX or windows acls this works fine. I've approached the nfs4 devs and they've said that they'll look into it, but so far. Exporting nfs4 with -o noacl (in the hope that the windows acl would take effect) has no effect.

1. Is it possible to get Samba to override the nfs4 acl and use whatever I've set on windows security acl instead?
2. Is there a way to export a single directory with a umask of my choice?
3. Would it be reasonable to ask my distro (openSUSE) to consider this problem as a feature request? Perhaps as a patch over nfs4_setfacl?

Thanks,
L & S at lcb

On 2012-02-28 08:27, steve wrote:
> Hi everyone
>
> We're really struggling with nfs4 <--> windows acls.
>
> Scenario
> Samba4 share --> cifs --> win7. No problem
> Samba4 share --> nfs4 --> Linux. acls not inherited
> Neither is there inheritance vice versa.
>
> e.g. It is not possible to create files with group rw on a umask 0022
> nfs4 share. nfs4_setfacl cannot override umask. Using POSIX or windows
> acls this works fine. I've approached the nfs4 devs and they've said
> that they'll look into it, but so far. Exporting nfs4 with -o noacl
> (in the hope that the windows acl would take effect) has no effect.
>
> 1. Is it possible to get Samba to override the nfs4 acl and use
> whatever I've set on windows security acl instead?
> 2. Is there a way to export a single directory with a umask of my choice?
> 3. Would it be reasonable to ask my distro (openSUSE) to consider this
> problem as a feature request? Perhaps as a patch over nfs4_setfacl?
> Thanks,
> L & S at lcb
>

IMHO Samba4 sets the windows (non posix) acls as extended attributes. In order to get them applied on the Linux (or NFS4) side there should be a Linux kernel security module (LSM) which would override the posix acls.

Regards
Geza

On 03/01/2012 01:06 AM, Ali Bendriss wrote:
>> We want a folder where files are created group rw from a base filesystem:
>> ext4 (rw,noatime,commit=120,errors=remount-ro,user_xattr,commit=0)
> Hi,
>
> I can't see the "acl" mount option on your options list.
> Have you tried setting it ?
>
> --
> Ali

Hi

Thanks for the hint. It pointed us in the right direction. It must be a default because adding it to fstab makes no difference. There's something about acl and xattr being mutually exclusive, or exclusive to when the fs was built and when it is mounted.

Anyway, it seems that on openSUSE, the default for any nfs command is the highest available number. Meaning that even if you specify nfs3, the mount is still nfs4. You have to specifically tell it in /etc/sysconfig/nfs. Not an easy one to spot.

Cheers,
Steve
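
Added example, not part of the thread: a way to confirm which NFS version a mount actually came up with, instead of trusting the version that was requested, by reading the `vers=` option in `/proc/mounts`. The function names, hostnames and paths are hypothetical, and the sample mount table is constructed for illustration.

```shell
#!/bin/sh
# Added example: report the NFS version each mount actually ended up with.
# Both functions read a file in /proc/mounts format (default: /proc/mounts).

# Print "<mountpoint> <fstype> <vers>" for every NFS mount in the file.
nfs_effective_versions() {
    awk '$3 == "nfs" || $3 == "nfs4" {
        vers = "unknown"
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++)
            if (opts[i] ~ /^(nfs)?vers=/) {
                sub(/^(nfs)?vers=/, "", opts[i])
                vers = opts[i]
            }
        print $2, $3, vers
    }' "${1:-/proc/mounts}"
}

# Succeed only if the mount at $1 came up with major version $2.
# Optional $3: mounts file to read.
nfs_version_is() {
    got=$(nfs_effective_versions "${3:-/proc/mounts}" |
          awk -v mp="$1" '$1 == mp { split($3, v, "."); r = v[1] } END { print r }')
    [ "$got" = "$2" ]
}

# Constructed sample in /proc/mounts format (hostnames and paths are made up).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
/dev/sda2 / ext4 rw,noatime,user_xattr 0 0
server:/export/share /mnt/share nfs4 rw,relatime,vers=4,rsize=65536,proto=tcp 0 0
server:/export/old /mnt/old nfs rw,relatime,vers=3,proto=tcp 0 0
EOF

nfs_effective_versions "$sample"
if nfs_version_is /mnt/share 3 "$sample"; then
    echo "/mnt/share is NFSv3 as requested"
else
    echo "/mnt/share is not NFSv3; ACL behaviour follows the version shown above"
fi
```

On a live client, call `nfs_effective_versions` with no argument to read `/proc/mounts` directly.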