Joe Maloney
2014-Feb-26 05:30 UTC
[Samba] FreeBSD/ZFS/S3FS usage and development questions
I've noticed that the samba-tool ntacl sysvolreset --use-s3fs command does not work on a ZFS filesystem on FreeBSD. It does work if sysvol is moved to a volume that is able to be mounted with the acls flag. I will reference a ticket I started with FreeNAS here: https://bugs.freenas.org/issues/4351 As of version 9.2.1.1 s3fs is now the default using the workaround known for FreeBSD. http://svnweb.freebsd.org/ports/head/net/samba41/files/README.FreeBSD.in?revision=340872&view=markup It seems to work well for the most part and things like smbstatus work. However I've noticed the inability to create any group policy objects. So I started thinking about the sysvolreset command. Am I correct in thinking that as suggested early without running samba-tool ntacl sysvolreset the conversion from ntvfs to s3fs after an initial provision with ntvfs would not be fully complete? I also suggested this as maybe a good starting point for fixing the sysvol reset command with ZFS. Is this the correct file? https://git.samba.org/?p=samba.git;a=blob;f=python/samba/ntacls.py;h=53438d84bffbc088e3aa0d177b728a2797407c05;hb=HEAD Is it possible to simply disable the hard requirements for POSIX acls or bypass the check in some way? Or are POSIX acls somehow essential to setting the permissions to begin with using the python scripts? Joe Maloney
Jeremy Allison
2014-Feb-27 23:02 UTC
[Samba] FreeBSD/ZFS/S3FS usage and development questions
On Tue, Feb 25, 2014 at 11:30:15PM -0600, Joe Maloney wrote:> I've noticed that the samba-tool ntacl sysvolreset --use-s3fs command does > not work on a ZFS filesystem on FreeBSD. It does work if sysvol is moved > to a volume that is able to be mounted with the acls flag. > > I will reference a ticket I started with FreeNAS here: > > https://bugs.freenas.org/issues/4351 > > As of version 9.2.1.1 s3fs is now the default using the workaround known > for FreeBSD. > > http://svnweb.freebsd.org/ports/head/net/samba41/files/README.FreeBSD.in?revision=340872&view=markup > > It seems to work well for the most part and things like smbstatus work. > However I've noticed the inability to create any group policy objects. So > I started thinking about the sysvolreset command. > > Am I correct in thinking that as suggested early without running samba-tool > ntacl sysvolreset the conversion from ntvfs to s3fs after an initial > provision with ntvfs would not be fully complete? > > I also suggested this as maybe a good starting point for fixing the sysvol > reset command with ZFS. Is this the correct file? > > https://git.samba.org/?p=samba.git;a=blob;f=python/samba/ntacls.py;h=53438d84bffbc088e3aa0d177b728a2797407c05;hb=HEADYes, that looks right.> Is it possible to simply disable the hard requirements for POSIX acls or > bypass the check in some way? Or are POSIX acls somehow essential to > setting the permissions to begin with using the python scripts?POSIX ACLs aren't required for this, it's just that they are the tested environment most of the Team is working within. ZFS ACLs should be an acceptable (and easier) replacement. Jeremy.