----- Original Message -----> From: "Jeremy Allison" <jra at samba.org> > To: "Nick E Couchman" <nick.couchman at seakr.com> > Cc: samba at lists.samba.org > Sent: Thursday, December 3, 2015 6:13:51 PM > Subject: Re: [Samba] Linux & NFSv4 ACLs> On Thu, Dec 03, 2015 at 06:03:39PM -0700, Nick Couchman wrote: >> >> > On Dec 3, 2015, at 17:24, Jeremy Allison <jra at samba.org> wrote: >> > >> >> On Thu, Dec 03, 2015 at 03:54:21PM -0700, Nick Couchman wrote: >> >> I have a situation where I need to share, via Samba, a filesystem mounted via >> >> NFSv4. I'm struggling with the best way to make Samba see the NFSv4 ACLs and >> >> enumerate them to provide the proper SMB/CIFS access to the files, instead of >> >> "Access Denied" errors that I currently get. >> >> >> >> Looking at the Samba source, the only obvious NFSv4 stuff appears to be the >> >> following: >> >> - zfsacl, available only on Solaris or FreeBSD, which provides NFSv4 ACL support >> >> simply because that's what ZFS uses. Don't see a way to use this on Linux. >> >> - gpfs, available only if you happen to have the GPFS code/headers installed >> >> (gpfs_gpl.h), and I cannot find an obvious place to get those, or if they are >> >> even freely-available. >> >> - aixacl/aixacl2, looks like it only works on AIX. >> >> >> >> First, am I correct in the above findings - that there is no way to operate any >> >> of these three modules on Linux out of the box? Second, am I missing something >> >> obvious related to NFSv4 ACLs on Linux, or is there some other VFS module >> >> somewhere that supports NFSv4 ACLs? >> >> >> >> Also, no, it is not an option to mount the filesystems in question with NFSv3 + >> >> ACLs - due to NFS referrals, automatic mounting of sub-filesystems, etc., I >> >> really need it to use NFSv4. >> >> >> >> Any advice? >> > >> > How are the NFSv4 ACL exposed to Linux command-line >> > tools ? Are there such ? >> >> Yeah, CentOS 7 has nfs4_getfacl and nfs4_setfacl. Will send example output. > > OK, what I need is access to the source code of > these to see how they're getting programatic > access to the ACL data. > > Given that it shouldn't be too hard to adapt > source3/modules/vfs_nfs4acl_xattr.c to use the > underlying API these tools use.Try these pages (U Michigan): http://www.citi.umich.edu/projects/nfsv4/linux/nfs4-acl-tools/ http://www.citi.umich.edu/projects/nfsv4/linux/ and here: http://wiki.linux-nfs.org/wiki/index.php/ACLs I'm pretty sure that first link is the source that the RHEL/CentOS tools comes from. Here's output from YUM on CentOS [root at snapshots ~]# yum whatprovies *bin/nfs4_getfacl Loaded plugins: fastestmirror No such command: whatprovies. Please use /usr/bin/yum --help [root at snapshots ~]# yum whatprovides *bin/nfs4_getfacl Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * extras: linux.mirrors.es.net nfs4-acl-tools-0.3.3-13.el7.x86_64 : The nfs4 ACL tools Repo : base Matched from: Filename : /usr/bin/nfs4_getfacl -Nick =This e-mail may contain SEAKR Engineering (SEAKR) Confidential and Proprietary Information. If this message is not intended for you, you are strictly prohibited from using this message, its contents or attachments in any way. If you have received this message in error, please delete the message from your mailbox. This e-mail may contain export-controlled material and should be handled accordingly.
On Thu, Dec 03, 2015 at 07:31:36PM -0700, Nick Couchman wrote:> > Try these pages (U Michigan): > http://www.citi.umich.edu/projects/nfsv4/linux/nfs4-acl-tools/ > http://www.citi.umich.edu/projects/nfsv4/linux/ > > and here: > http://wiki.linux-nfs.org/wiki/index.php/ACLs > > I'm pretty sure that first link is the source that the RHEL/CentOS tools comes from. Here's output from YUM on CentOS > > [root at snapshots ~]# yum whatprovies *bin/nfs4_getfacl > Loaded plugins: fastestmirror > No such command: whatprovies. Please use /usr/bin/yum --help > [root at snapshots ~]# yum whatprovides *bin/nfs4_getfacl > Loaded plugins: fastestmirror > Loading mirror speeds from cached hostfile > * extras: linux.mirrors.es.net > nfs4-acl-tools-0.3.3-13.el7.x86_64 : The nfs4 ACL tools > Repo : base > Matched from: > Filename : /usr/bin/nfs4_getfaclThanks for that. The problem is /usr/bin/nfs4_getfacl uses an internal library to get marshall/unmarshall the ACL data into EA's. I don't think that library is installed (and there's no nfs4_acl-dev package).
----- Original Message -----> From: "Jeremy Allison" <jra at samba.org> > To: "Nick E Couchman" <nick.couchman at seakr.com> > Cc: samba at lists.samba.org > Sent: Friday, December 4, 2015 1:22:06 PM > Subject: Re: [Samba] Linux & NFSv4 ACLs> On Thu, Dec 03, 2015 at 07:31:36PM -0700, Nick Couchman wrote: >> >> Try these pages (U Michigan): >> http://www.citi.umich.edu/projects/nfsv4/linux/nfs4-acl-tools/ >> http://www.citi.umich.edu/projects/nfsv4/linux/ >> >> and here: >> http://wiki.linux-nfs.org/wiki/index.php/ACLs >> >> I'm pretty sure that first link is the source that the RHEL/CentOS tools comes >> from. Here's output from YUM on CentOS >> >> [root at snapshots ~]# yum whatprovies *bin/nfs4_getfacl >> Loaded plugins: fastestmirror >> No such command: whatprovies. Please use /usr/bin/yum --help >> [root at snapshots ~]# yum whatprovides *bin/nfs4_getfacl >> Loaded plugins: fastestmirror >> Loading mirror speeds from cached hostfile >> * extras: linux.mirrors.es.net >> nfs4-acl-tools-0.3.3-13.el7.x86_64 : The nfs4 ACL tools >> Repo : base >> Matched from: >> Filename : /usr/bin/nfs4_getfacl > > Thanks for that. The problem is /usr/bin/nfs4_getfacl > uses an internal library to get marshall/unmarshall the > ACL data into EA's. I don't think that library is > installed (and there's no nfs4_acl-dev package).If I do a "ldd /usr/bin/nfs4_getfacl" here are the results: [root at pv-nas ~]# ldd `which nfs4_getfacl` linux-vdso.so.1 => (0x00007fffa76f6000) libattr.so.1 => /lib64/libattr.so.1 (0x00007ffe77f2c000) libc.so.6 => /lib64/libc.so.6 (0x00007ffe77b98000) /lib64/ld-linux-x86-64.so.2 (0x00007ffe7833d000) So, I don't see any shared library specifically for NFSv4 stuff, just the libattr dependency. I'm guessing this is what you mean - that there isn't a shared library available with an API you could use in a Samba VFS module to abstract the calls for getting/setting the NFSv4 ACLs - you'd have to actually write the entire library inside the VFS module? I'll poke around and see if anyone has written a shared library on Linux for NFSv4 ACLs. -Nick =This e-mail may contain SEAKR Engineering (SEAKR) Confidential and Proprietary Information. If this message is not intended for you, you are strictly prohibited from using this message, its contents or attachments in any way. If you have received this message in error, please delete the message from your mailbox. This e-mail may contain export-controlled material and should be handled accordingly.