I have a situation where I need to share, via Samba, a filesystem mounted via NFSv4. I'm struggling with the best way to make Samba see the NFSv4 ACLs and enumerate them to provide the proper SMB/CIFS access to the files, instead of "Access Denied" errors that I currently get. Looking at the Samba source, the only obvious NFSv4 stuff appears to be the following: - zfsacl, available only on Solaris or FreeBSD, which provides NFSv4 ACL support simply because that's what ZFS uses. Don't see a way to use this on Linux. - gpfs, available only if you happen to have the GPFS code/headers installed (gpfs_gpl.h), and I cannot find an obvious place to get those, or if they are even freely-available. - aixacl/aixacl2, looks like it only works on AIX. First, am I correct in the above findings - that there is no way to operate any of these three modules on Linux out of the box? Second, am I missing something obvious related to NFSv4 ACLs on Linux, or is there some other VFS module somewhere that supports NFSv4 ACLs? Also, no, it is not an option to mount the filesystems in question with NFSv3 + ACLs - due to NFS referrals, automatic mounting of sub-filesystems, etc., I really need it to use NFSv4. Any advice? -Nick =This e-mail may contain SEAKR Engineering (SEAKR) Confidential and Proprietary Information. If this message is not intended for you, you are strictly prohibited from using this message, its contents or attachments in any way. If you have received this message in error, please delete the message from your mailbox. This e-mail may contain export-controlled material and should be handled accordingly.
On Thu, Dec 03, 2015 at 03:54:21PM -0700, Nick Couchman wrote:> I have a situation where I need to share, via Samba, a filesystem mounted via NFSv4. I'm struggling with the best way to make Samba see the NFSv4 ACLs and enumerate them to provide the proper SMB/CIFS access to the files, instead of "Access Denied" errors that I currently get. > > Looking at the Samba source, the only obvious NFSv4 stuff appears to be the following: > - zfsacl, available only on Solaris or FreeBSD, which provides NFSv4 ACL support simply because that's what ZFS uses. Don't see a way to use this on Linux. > - gpfs, available only if you happen to have the GPFS code/headers installed (gpfs_gpl.h), and I cannot find an obvious place to get those, or if they are even freely-available. > - aixacl/aixacl2, looks like it only works on AIX. > > First, am I correct in the above findings - that there is no way to operate any of these three modules on Linux out of the box? Second, am I missing something obvious related to NFSv4 ACLs on Linux, or is there some other VFS module somewhere that supports NFSv4 ACLs? > > Also, no, it is not an option to mount the filesystems in question with NFSv3 + ACLs - due to NFS referrals, automatic mounting of sub-filesystems, etc., I really need it to use NFSv4. > > Any advice?How are the NFSv4 ACL exposed to Linux command-line tools ? Are there such ?
> On Dec 3, 2015, at 17:24, Jeremy Allison <jra at samba.org> wrote: > >> On Thu, Dec 03, 2015 at 03:54:21PM -0700, Nick Couchman wrote: >> I have a situation where I need to share, via Samba, a filesystem mounted via NFSv4. I'm struggling with the best way to make Samba see the NFSv4 ACLs and enumerate them to provide the proper SMB/CIFS access to the files, instead of "Access Denied" errors that I currently get. >> >> Looking at the Samba source, the only obvious NFSv4 stuff appears to be the following: >> - zfsacl, available only on Solaris or FreeBSD, which provides NFSv4 ACL support simply because that's what ZFS uses. Don't see a way to use this on Linux. >> - gpfs, available only if you happen to have the GPFS code/headers installed (gpfs_gpl.h), and I cannot find an obvious place to get those, or if they are even freely-available. >> - aixacl/aixacl2, looks like it only works on AIX. >> >> First, am I correct in the above findings - that there is no way to operate any of these three modules on Linux out of the box? Second, am I missing something obvious related to NFSv4 ACLs on Linux, or is there some other VFS module somewhere that supports NFSv4 ACLs? >> >> Also, no, it is not an option to mount the filesystems in question with NFSv3 + ACLs - due to NFS referrals, automatic mounting of sub-filesystems, etc., I really need it to use NFSv4. >> >> Any advice? > > How are the NFSv4 ACL exposed to Linux command-line > tools ? Are there such ?Yeah, CentOS 7 has nfs4_getfacl and nfs4_setfacl. Will send example output. =This e-mail may contain SEAKR Engineering (SEAKR) Confidential and Proprietary Information. If this message is not intended for you, you are strictly prohibited from using this message, its contents or attachments in any way. If you have received this message in error, please delete the message from your mailbox. This e-mail may contain export-controlled material and should be handled accordingly.