I know this was discussed a lot a few years ago, but my google searches aren't quite getting me where I'm confident in the answer, so I figure I'd just ask again here if that's ok.

Here's what we have, and what we'd like to do:

Storage is a Netapp (cluster mode CDOT 8.2 I believe), it's NFS exported to our linux system.

Linux system is CentOS 6 and can NFS mount the Netapp using version 4. NFSv3 doesn't support ACLs with Netapp, but NFSv4 does with the nfs4_setfacl and nfs4_getfacl commands.

We'd like to share out the NFS mounted volume with samba, and retain the NFSv4 acl capability so that Windows users can set advanced permissions on the files.

Is this possible?

I've seen posts about the ZFS ability and the GPFS ability, but none of those are really what we're doing (I'm not sure why the backend would necessarily matter). Would one of the other vfs items work in this case? We're just NFS mounting onto the linux machine straight over TCP, nothing special like iscsi or custom drivers.

Thanks.

Hi Kevin,

On Wed, Mar 18, 2015 at 10:47 PM, Kevin Taylor <groucho.64738 at hotmail.com> wrote:

> I know this was discussed a lot a few years ago, but my google searches
> aren't quite getting me where I'm confident in the answer, so I figure I'd
> just ask again here if that's ok.
>
> Here's what we have, and what we'd like to do:
>
> Storage is a Netapp (cluster mode CDOT 8.2 I believe), it's NFS exported
> to our linux system.
>
> Linux system is CentOS 6 and can NFS mount the Netapp using version 4.
> NFSv3 doesn't support ACLs with Netapp, but NFSv4 does with the
> nfs4_setfacl and nfs4_getfacl commands.
>
> We'd like to share out the NFS mounted volume with samba, and retain the
> NFSv4 acl capability so that Windows users can set advanced permissions on
> the files.
>
> Is this possible?

Yeah, that is possible. IMO, you should go with the Samba 4 AD + NFSv4 kerberized method. Please take a look at the link below, which will be helpful to you for getting started.

<http://linuxcostablanca.blogspot.in/2012/01/important-samba-4-update.html>

> I've seen posts about the ZFS ability and the GPFS ability, but none of
> those are really what we're doing (I'm not sure why the backend would
> necessarily matter). Would one of the other vfs items work in this case?
> We're just NFS mounting onto the linux machine straight over TCP, nothing
> special like iscsi or custom drivers.

--
Regards
Ashishkumar S. Yadav

On Wed, Mar 18, 2015 at 01:17:34PM -0400, Kevin Taylor wrote:

> I know this was discussed a lot a few years ago, but my google searches aren't quite getting me where I'm confident in the answer, so I figure I'd just ask again here if that's ok.
>
> Here's what we have, and what we'd like to do:
>
> Storage is a Netapp (cluster mode CDOT 8.2 I believe), it's NFS exported to our linux system.
>
> Linux system is CentOS 6 and can NFS mount the Netapp using version 4. NFSv3 doesn't support ACLs with Netapp, but NFSv4 does with the nfs4_setfacl and nfs4_getfacl commands.
>
> We'd like to share out the NFS mounted volume with samba, and retain the NFSv4 acl capability so that Windows users can set advanced permissions on the files.
>
> Is this possible?
>
> I've seen posts about the ZFS ability and the GPFS ability, but none of those are really what we're doing (I'm not sure why the backend would necessarily matter). Would one of the other vfs items work in this case? We're just NFS mounting onto the linux machine straight over TCP, nothing special like iscsi or custom drivers.

The problem is that there is no common API on Linux to read and modify those NFSv4 ACLs. Both GPFS and possibly ZFS have their own idea how to view and set NFSv4 ACLs, so every file system needs its own adapter.

I haven't recently followed the nfsv4 kernel client, so I don't know what the API for that would be these days. Do you have any pointers there?

It should be moderate effort to adapt the relevant pieces from the GPFS and NFSv4 pieces of the modules/ subdirectory.

Volker

> Thanks.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de

> Date: Thu, 19 Mar 2015 11:59:47 +0100
> From: Volker.Lendecke at SerNet.DE
> To: groucho.64738 at hotmail.com
> CC: samba at lists.samba.org
> Subject: Re: [Samba] NFS4 ACLs with samba 3 (or 4)
>
> On Wed, Mar 18, 2015 at 01:17:34PM -0400, Kevin Taylor wrote:
> > I know this was discussed a lot a few years ago, but my google searches aren't quite getting me where I'm confident in the answer, so I figure I'd just ask again here if that's ok.
> >
> > Here's what we have, and what we'd like to do:
> >
> > Storage is a Netapp (cluster mode CDOT 8.2 I believe), it's NFS exported to our linux system.
> >
> > Linux system is CentOS 6 and can NFS mount the Netapp using version 4. NFSv3 doesn't support ACLs with Netapp, but NFSv4 does with the nfs4_setfacl and nfs4_getfacl commands.
> >
> > We'd like to share out the NFS mounted volume with samba, and retain the NFSv4 acl capability so that Windows users can set advanced permissions on the files.
> >
> > Is this possible?
> >
> > I've seen posts about the ZFS ability and the GPFS ability, but none of those are really what we're doing (I'm not sure why the backend would necessarily matter). Would one of the other vfs items work in this case? We're just NFS mounting onto the linux machine straight over TCP, nothing special like iscsi or custom drivers.
>
> The problem is that there is no common API on Linux to read and modify
> those NFSv4 ACLs. Both GPFS and possibly ZFS have their own idea how to
> view and set NFSv4 ACLs, so every file system needs its own adapter.
>
> I haven't recently followed the nfsv4 kernel client, so I don't know
> what the API for that would be these days. Do you have any pointers there?
>
> It should be moderate effort to adapt the relevant pieces from the GPFS
> and NFSv4 pieces of the modules/ subdirectory.
>
> Volker

Unfortunately I'm not a programmer, so I don't know if there is an API or not. As far as I, the user, can tell, we have an NFSv4 filesystem mounted on the linux box.

We have tools available through the nfs4-acl-tools package (this is on CentOS 6, for example) that offer me the ability to read and set the ACLs on the volume. I figure at some level, someone must have had an API because these tools aren't specific to the underlying filesystem as this could really be offered from anything. I didn't see any other packages related to the nfs4-acl-tools, so there's no devel piece or anything that comes with it.

> > Thanks.

> Date: Thu, 19 Mar 2015 11:59:47 +0100
> From: Volker.Lendecke at SerNet.DE
> To: groucho.64738 at hotmail.com
> CC: samba at lists.samba.org
> Subject: Re: [Samba] NFS4 ACLs with samba 3 (or 4)
>
> On Wed, Mar 18, 2015 at 01:17:34PM -0400, Kevin Taylor wrote:
> > I know this was discussed a lot a few years ago, but my google searches aren't quite getting me where I'm confident in the answer, so I figure I'd just ask again here if that's ok.
> >
> > Here's what we have, and what we'd like to do:
> >
> > Storage is a Netapp (cluster mode CDOT 8.2 I believe), it's NFS exported to our linux system.
> >
> > Linux system is CentOS 6 and can NFS mount the Netapp using version 4. NFSv3 doesn't support ACLs with Netapp, but NFSv4 does with the nfs4_setfacl and nfs4_getfacl commands.
> >
> > We'd like to share out the NFS mounted volume with samba, and retain the NFSv4 acl capability so that Windows users can set advanced permissions on the files.
> >
> > Is this possible?
> >
> > I've seen posts about the ZFS ability and the GPFS ability, but none of those are really what we're doing (I'm not sure why the backend would necessarily matter). Would one of the other vfs items work in this case? We're just NFS mounting onto the linux machine straight over TCP, nothing special like iscsi or custom drivers.
>
> The problem is that there is no common API on Linux to read and modify
> those NFSv4 ACLs. Both GPFS and possibly ZFS have their own idea how to
> view and set NFSv4 ACLs, so every file system needs its own adapter.
>
> I haven't recently followed the nfsv4 kernel client, so I don't know
> what the API for that would be these days. Do you have any pointers there?
>
> It should be moderate effort to adapt the relevant pieces from the GPFS
> and NFSv4 pieces of the modules/ subdirectory.
>
> Volker

I don't know if this helps or not, but here's the package info for it:

Name        : nfs4-acl-tools               Relocations: (not relocatable)
Version     : 0.3.3                             Vendor: CentOS
Release     : 6.el6                         Build Date: Fri 22 Jun 2012 02:10:47 AM EDT
Install Date: Mon 31 Mar 2014 10:41:48 AM EDT  Build Host: c6b10.bsys.dev.centos.org
Group       : Applications/System           Source RPM: nfs4-acl-tools-0.3.3-6.el6.src.rpm
Size        : 104480                           License: BSD
Signature   : RSA/SHA1, Sun 24 Jun 2012 06:20:10 PM EDT, Key ID 0946fca2c105b9de
Packager    : CentOS BuildSystem <http://bugs.centos.org>
URL         : http://www.citi.umich.edu/projects/nfsv4/linux/
Summary     : The nfs4 ACL tools
Description :
This package contains commandline and GUI ACL utilities for the Linux
NFSv4 client.

> > Thanks.
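
Added example, not part of the thread and not Samba or nfs4-acl-tools code: on the Linux NFSv4 client, nfs4_getfacl and nfs4_setfacl read and write the ACL through the `system.nfs4_acl` extended attribute, an XDR-encoded ACE list, which is the interface a per-filesystem adapter for an NFSv4 mount would sit on. The sketch below decodes that blob into the type:flags:principal:permissions letter notation; the sample bytes are constructed, and the function names and the `risky` check are illustrative assumptions.

```python
import os
import struct

XATTR = "system.nfs4_acl"  # xattr the Linux NFSv4 client exposes
TYPES = {0: "A", 1: "D", 2: "U", 3: "L"}  # allow, deny, audit, alarm
FLAGS = [(0x01, "f"), (0x02, "d"), (0x04, "n"), (0x08, "i"),
         (0x10, "S"), (0x20, "F"), (0x40, "g")]
PERMS = [(0x1, "r"), (0x2, "w"), (0x4, "a"), (0x20, "x"), (0x10000, "d"),
         (0x40, "D"), (0x80, "t"), (0x100, "T"), (0x8, "n"), (0x10, "N"),
         (0x20000, "c"), (0x40000, "C"), (0x80000, "o"), (0x100000, "y")]
WRITE_ACL, WRITE_OWNER = 0x40000, 0x80000

def letters(value, table):
    return "".join(ch for bit, ch in table if value & bit)

def decode_acl(blob):
    """Decode the XDR blob into (type, flags, who, access_mask) tuples."""
    if len(blob) < 4:
        raise ValueError("truncated ACL")
    (count,) = struct.unpack_from(">I", blob, 0)
    off, aces = 4, []
    for _ in range(count):
        if off + 16 > len(blob):
            raise ValueError("truncated ACE header")
        ace_type, flags, mask, wholen = struct.unpack_from(">4I", blob, off)
        off += 16
        if off + wholen > len(blob):
            raise ValueError("truncated principal")
        who = blob[off:off + wholen].decode("utf-8")
        off += (wholen + 3) & ~3  # XDR pads opaque data to 4 bytes
        aces.append((ace_type, flags, who, mask))
    return aces

def render(aces):
    return [f"{TYPES.get(t, '?')}:{letters(f, FLAGS)}:{w}:{letters(m, PERMS)}"
            for t, f, w, m in aces]
def risky(aces):
    """ALLOW ACEs that let EVERYONE@ rewrite the ACL or take ownership."""
    return [a for a in aces if a[0] == 0 and a[2] == "EVERYONE@"
            and a[3] & (WRITE_ACL | WRITE_OWNER)]
def read_acl(path):
    return decode_acl(os.getxattr(path, XATTR))  # Linux only, NFSv4 mount
def pack_ace(ace_type, flags, mask, who):  # builds the constructed sample
    w = who.encode()
    return struct.pack(">4I", ace_type, flags, mask, len(w)) + w + b"\0" * (-len(w) % 4)

# Constructed sample ACL, not captured from a real filer.
SAMPLE = (struct.pack(">I", 3) + pack_ace(0, 0x00, 0x16019F, "OWNER@")
          + pack_ace(0, 0x40, 0x1200A9, "GROUP@")
          + pack_ace(0, 0x00, 0x160089, "EVERYONE@"))
```

The access-mask bit values are the ones NFSv4 defines and they line up with the Windows access-mask bits, so an adapter mostly translates principals and flags rather than permissions.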