Ben Metcalfe
2012-Apr-18 20:06 UTC
[Samba] ACLs behaving differently on Samba 4 / Ubuntu 12.04 / Bind 9.81 between ZFS and EXT4 file systems
Dear all,
The system is Ubuntu 12.04 (latest beta as of yesterday)
Bind 9.81 (12.04 standard)
Samba 4, also git-cloned yesterday.
I've imported a zpool created on another ubuntu system with the same
version of zfs-linux (RC-8) http://zfsonlinux.org/
The zpool is working perfectly well; responsive, no errors reported,
scrubbed.
Samba can see the zpool as part of the greater file system and share the
600GB or so spread across the varios zfs file systems on it via cifs.
I've been through all the tests mentioned on the Samba 4 HOWTO and they
return successful results.
I'm sharing only via smb.conf - not using native ZFS CIFS commands.
The problem:
When I alter file permissions via CIFS from an XP Pro sp3 client (patched
up to date, joined to the domain and able to administer AD users and
computers) on any folder or subfolder shared from the zpool, I lose access
to that folder via CIFS. I can still see the folder from its parent
directory, but can't browse into it via CIFS. I can still browse the folder
on the server's command line.
The XP Pro client fails with the message:
*"The data area passed to a system call is too small"*
The OSX Snowleopard client just gives a silent fail.
I click in, and nothing happens.
When I mv the same "broken" folder to an EXT4 file system via the
server's
command line, I can repair the acls using:
get acls: /usr/local/samba/bin/samba-tool ntacl get --as-sddl
/${ZPOOL}/Lou/stuff/
returns: ?O:S-1-5-21-1345677-xxxxx-2594716733-500G..etc
set acls: /usr/local/samba/bin/samba-tool ntacl set
?O:S-1-5-21-1345677-xxxxx-2594716733-500G..etc? /${EXT4
Sharename}/Lou/stuff/
...after which I update the smb.conf entry and can browse the folder as
normal, as long as it stays on the EXT4-backed share.
The acl-compliance tests:
setfattr -n user.test -v test test.txt
setfattr -n security.test -v test2 test.txt
getfattr -d test.txt
...return the correct results on both filesystems; EXT4 and ZFS.
Samba is running in stdout debug more: sudo /usr/local/samba/sbin/samba -i
-M single and throws no errors during the course of the problem.
I've set the zpool's aclinherit flag to "=passthrough" with no
difference
detected in the behaviour.
I'll try on another samba 3 + zfs machine tomorrow to see if I can
replicate this.
Any ideas welcome in the mean time (I *should* be able to alter permissions
on Samba 4 shares from XP Pro; don't need Windows 7 to administer?).
Thanks,
Ben.
Matthieu Patou
2012-Apr-28 21:20 UTC
[Samba] ACLs behaving differently on Samba 4 / Ubuntu 12.04 / Bind 9.81 between ZFS and EXT4 file systems
On 04/18/2012 01:06 PM, Ben Metcalfe wrote:> Dear all, > > The system is Ubuntu 12.04 (latest beta as of yesterday) > Bind 9.81 (12.04 standard) > Samba 4, also git-cloned yesterday. > > I've imported a zpool created on another ubuntu system with the same > version of zfs-linux (RC-8) http://zfsonlinux.org/ > > The zpool is working perfectly well; responsive, no errors reported, > scrubbed. > > Samba can see the zpool as part of the greater file system and share the > 600GB or so spread across the varios zfs file systems on it via cifs. > > I've been through all the tests mentioned on the Samba 4 HOWTO and they > return successful results. > > I'm sharing only via smb.conf - not using native ZFS CIFS commands. > > The problem: > > When I alter file permissions via CIFS from an XP Pro sp3 client (patched > up to date, joined to the domain and able to administer AD users and > computers) on any folder or subfolder shared from the zpool, I lose access > to that folder via CIFS. I can still see the folder from its parent > directory, but can't browse into it via CIFS. I can still browse the folder > on the server's command line. > > The XP Pro client fails with the message: > *"The data area passed to a system call is too small"* > The OSX Snowleopard client just gives a silent fail. > I click in, and nothing happens. > > When I mv the same "broken" folder to an EXT4 file system via the server's > command line, I can repair the acls using: > > get acls: /usr/local/samba/bin/samba-tool ntacl get --as-sddl > /${ZPOOL}/Lou/stuff/ > returns: ?O:S-1-5-21-1345677-xxxxx-2594716733-500G..etc > set acls: /usr/local/samba/bin/samba-tool ntacl set > ?O:S-1-5-21-1345677-xxxxx-2594716733-500G..etc? /${EXT4 > Sharename}/Lou/stuff/ > > ...after which I update the smb.conf entry and can browse the folder as > normal, as long as it stays on the EXT4-backed share.Well it might be something completely different. Can you post the sddl you get + posix acls for the folder in ZFS ?> > The acl-compliance tests: > setfattr -n user.test -v test test.txt > setfattr -n security.test -v test2 test.txt > getfattr -d test.txt > ...return the correct results on both filesystems; EXT4 and ZFS.Can you try to create a new folder in the ZFS filesystem and set ACLs on it and see how you can access it ?. Matthieu. -- Matthieu Patou Samba Team http://samba.org