----- Original Message -----> From: "Jeremy Allison" <jra at samba.org> > To: "Nick E Couchman" <nick.couchman at seakr.com> > Cc: samba at lists.samba.org > Sent: Friday, December 4, 2015 1:22:06 PM > Subject: Re: [Samba] Linux & NFSv4 ACLs> On Thu, Dec 03, 2015 at 07:31:36PM -0700, Nick Couchman wrote: >> >> Try these pages (U Michigan): >> http://www.citi.umich.edu/projects/nfsv4/linux/nfs4-acl-tools/ >> http://www.citi.umich.edu/projects/nfsv4/linux/ >> >> and here: >> http://wiki.linux-nfs.org/wiki/index.php/ACLs >> >> I'm pretty sure that first link is the source that the RHEL/CentOS tools comes >> from. Here's output from YUM on CentOS >> >> [root at snapshots ~]# yum whatprovies *bin/nfs4_getfacl >> Loaded plugins: fastestmirror >> No such command: whatprovies. Please use /usr/bin/yum --help >> [root at snapshots ~]# yum whatprovides *bin/nfs4_getfacl >> Loaded plugins: fastestmirror >> Loading mirror speeds from cached hostfile >> * extras: linux.mirrors.es.net >> nfs4-acl-tools-0.3.3-13.el7.x86_64 : The nfs4 ACL tools >> Repo : base >> Matched from: >> Filename : /usr/bin/nfs4_getfacl > > Thanks for that. The problem is /usr/bin/nfs4_getfacl > uses an internal library to get marshall/unmarshall the > ACL data into EA's. I don't think that library is > installed (and there's no nfs4_acl-dev package).If I do a "ldd /usr/bin/nfs4_getfacl" here are the results: [root at pv-nas ~]# ldd `which nfs4_getfacl` linux-vdso.so.1 => (0x00007fffa76f6000) libattr.so.1 => /lib64/libattr.so.1 (0x00007ffe77f2c000) libc.so.6 => /lib64/libc.so.6 (0x00007ffe77b98000) /lib64/ld-linux-x86-64.so.2 (0x00007ffe7833d000) So, I don't see any shared library specifically for NFSv4 stuff, just the libattr dependency. I'm guessing this is what you mean - that there isn't a shared library available with an API you could use in a Samba VFS module to abstract the calls for getting/setting the NFSv4 ACLs - you'd have to actually write the entire library inside the VFS module? I'll poke around and see if anyone has written a shared library on Linux for NFSv4 ACLs. -Nick =This e-mail may contain SEAKR Engineering (SEAKR) Confidential and Proprietary Information. If this message is not intended for you, you are strictly prohibited from using this message, its contents or attachments in any way. If you have received this message in error, please delete the message from your mailbox. This e-mail may contain export-controlled material and should be handled accordingly.
On Fri, Dec 04, 2015 at 01:37:33PM -0700, Nick Couchman wrote:> ----- Original Message ----- > > From: "Jeremy Allison" <jra at samba.org> > > To: "Nick E Couchman" <nick.couchman at seakr.com> > > Cc: samba at lists.samba.org > > Sent: Friday, December 4, 2015 1:22:06 PM > > Subject: Re: [Samba] Linux & NFSv4 ACLs > > > On Thu, Dec 03, 2015 at 07:31:36PM -0700, Nick Couchman wrote: > >> > >> Try these pages (U Michigan): > >> http://www.citi.umich.edu/projects/nfsv4/linux/nfs4-acl-tools/ > >> http://www.citi.umich.edu/projects/nfsv4/linux/ > >> > >> and here: > >> http://wiki.linux-nfs.org/wiki/index.php/ACLs > >> > >> I'm pretty sure that first link is the source that the RHEL/CentOS tools comes > >> from. Here's output from YUM on CentOS > >> > >> [root at snapshots ~]# yum whatprovies *bin/nfs4_getfacl > >> Loaded plugins: fastestmirror > >> No such command: whatprovies. Please use /usr/bin/yum --help > >> [root at snapshots ~]# yum whatprovides *bin/nfs4_getfacl > >> Loaded plugins: fastestmirror > >> Loading mirror speeds from cached hostfile > >> * extras: linux.mirrors.es.net > >> nfs4-acl-tools-0.3.3-13.el7.x86_64 : The nfs4 ACL tools > >> Repo : base > >> Matched from: > >> Filename : /usr/bin/nfs4_getfacl > > > > Thanks for that. The problem is /usr/bin/nfs4_getfacl > > uses an internal library to get marshall/unmarshall the > > ACL data into EA's. I don't think that library is > > installed (and there's no nfs4_acl-dev package). > > If I do a "ldd /usr/bin/nfs4_getfacl" here are the results: > [root at pv-nas ~]# ldd `which nfs4_getfacl` > linux-vdso.so.1 => (0x00007fffa76f6000) > libattr.so.1 => /lib64/libattr.so.1 (0x00007ffe77f2c000) > libc.so.6 => /lib64/libc.so.6 (0x00007ffe77b98000) > /lib64/ld-linux-x86-64.so.2 (0x00007ffe7833d000) > > > So, I don't see any shared library specifically for NFSv4 stuff, just the libattr dependency. I'm guessing this is what you mean - that there isn't a shared library available with an API you could use in a Samba VFS module to abstract the calls for getting/setting the NFSv4 ACLs - you'd have to actually write the entire library inside the VFS module?Yep, that's exactly is. Internal to nfs4_getfacl source there's libnfs4acl/, which does what we need, but it doesn't get installed by 'make install'.
On Fri, Dec 4, 2015 at 3:54 PM, Jeremy Allison <jra at samba.org> wrote:> On Fri, Dec 04, 2015 at 01:37:33PM -0700, Nick Couchman wrote:>> So, I don't see any shared library specifically for NFSv4 stuff, just the libattr dependency. I'm guessing this is what you mean - that there isn't a shared library available with an API you could use in a Samba VFS module to abstract the calls for getting/setting the NFSv4 ACLs - you'd have to actually write the entire library inside the VFS module? > > Yep, that's exactly is. Internal to nfs4_getfacl > source there's libnfs4acl/, which does what we need, > but it doesn't get installed by 'make install'.I did some work with this maybe.... 4 years ago now? If you recompile the "nfs4-acl-tools" SRPM on CentOS or RHEL with the graphical options enabled, you get a very helpful graphical tool for this. It can and does work, but it can be very tricky to set all the relevant levels of permissions. In the Linux NFSv4 world, they are *order sensitive* settings, and do not map completely to NTFS style permissions. But you can get close enough to call it jazz if you don't try to get too clever with it.....