Reinald Gfuellner
2016-Nov-17 13:15 UTC
[Samba] Samba4: use Posix-ACLs only? (ext4 - NFS4+CIFS - Fileserver)
I try to set up a Samba4-based Fileserver in an Samba3-DC enviroment.
Filesystem is ext4, CIFS + NFS4 should be provided. The same ACLs should
be used over both protocols.
With Samba 3 this was possible (using POSIX 1003.1e DRAFT 17 ACLs only)
. How can I do the same with Samba 4 ?
Posix-ACLs set on the server with setfacl are recogniced on a
windows-client. But every change I do on a windows-client is not
visible on the posix-side (i.e. not reflected on the fileserver or
on a NFS4-client using getfacl or nfs4_getfacl)
Do I make some trivial mistake, is it just the samba4 version used or is
it in general not longer possible/supported to restrict Samba to
Posix-ACLs understood in an ext4-enviroment? Thanks for any hint.
OS: Ubuntu 14.04 LTS ,
Samba: samba 2:4.1.6+dfsg-1ubuntu2
<https://forums.linuxmint.com/viewtopic.php?f=157&p=1159792#p1159792>
/etc/fstab:
/dev/m1404-filea-vg1/dist_it_test2 /dist/it_test2
ext3 acl,usrjquota=aquota.user,jqfmt=vfsv0 0 0
/etc/samba/smb.conf:
...
# vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
...
Alex Crow
2016-Nov-17 14:40 UTC
[Samba] Samba4: use Posix-ACLs only? (ext4 - NFS4+CIFS - Fileserver)
On 17/11/16 13:15, Reinald Gfuellner via samba wrote:> I try to set up a Samba4-based Fileserver in an Samba3-DC enviroment. > Filesystem is ext4, CIFS + NFS4 should be provided. The same ACLs should > be used over both protocols. > > With Samba 3 this was possible (using POSIX 1003.1e DRAFT 17 ACLs only) > . How can I do the same with Samba 4 ? > > Posix-ACLs set on the server with setfacl are recogniced on a > windows-client. But every change I do on a windows-client is not > visible on the posix-side (i.e. not reflected on the fileserver or > on a NFS4-client using getfacl or nfs4_getfacl) > > > Do I make some trivial mistake, is it just the samba4 version used or is > it in general not longer possible/supported to restrict Samba to > Posix-ACLs understood in an ext4-enviroment? Thanks for any hint. > > OS: Ubuntu 14.04 LTS , > Samba: samba 2:4.1.6+dfsg-1ubuntu2 > <https://forums.linuxmint.com/viewtopic.php?f=157&p=1159792#p1159792> > > /etc/fstab: > > /dev/m1404-filea-vg1/dist_it_test2 /dist/it_test2 ext3 acl,usrjquota=aquota.user,jqfmt=vfsv0 0 0 > > /etc/samba/smb.conf: > > ... > # vfs objects = acl_xattr > map acl inherit = yes > store dos attributes = yes > ... > >Hi, We use POSIX ACLs and they seem to work. map acl inherit = Yes nt acl support = yes but *not* vfs objects = acl_xattr Cheers Alex -- This message is intended only for the addressee and may contain confidential information. Unless you are that person, you may not disclose its contents or use it in any way and are requested to delete the message along with any attachments and notify us immediately. This email is not intended to, nor should it be taken to, constitute advice. The information provided is correct to our knowledge & belief and must not be used as a substitute for obtaining tax, regulatory, investment, legal or any other appropriate advice. "Transact" is operated by Integrated Financial Arrangements Ltd. 29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608 5300. (Registered office: as above; Registered in England and Wales under number: 3727592). Authorised and regulated by the Financial Conduct Authority (entered on the Financial Services Register; no. 190856).
Reinald Gfuellner
2016-Nov-18 08:30 UTC
[Samba] Samba4: use Posix-ACLs only? (ext4 - NFS4+CIFS - Fileserver)
Hi, Thanks for your reply, Alex. May I know, what Samba-Version you are using? I already had to make a downgrade from 4.3.9 to 4.1.6 because of known incompatibilities (1 <https://www.mail-archive.com/search?l=ubuntu-bugs at lists.ubuntu.com&q=subject:%22%5C[Bug+1572876%5C]+Re%5C:+After+Samba+upgrade+can%27t+access+unpassworded+windows+share%22&o=newest&f=1> , 2 <https://forums.linuxmint.com/viewtopic.php?f=157&p=1159792#p1159792>) to the existing samba3/NT4- enviroment. Exact question would be: Is there a Samba4-Version known do work with POSIX-ACLS under a Samba3- DC. Cheers Reinald Am 17.11.2016 um 15:40 schrieb Alex Crow via samba:> On 17/11/16 13:15, Reinald Gfuellner via samba wrote: >> I try to set up a Samba4-based Fileserver in an Samba3-DC enviroment. >> Filesystem is ext4, CIFS + NFS4 should be provided. The same ACLs should >> be used over both protocols. >> >> With Samba 3 this was possible (using POSIX 1003.1e DRAFT 17 ACLs only) >> . How can I do the same with Samba 4 ? >> >> Posix-ACLs set on the server with setfacl are recogniced on a >> windows-client. But every change I do on a windows-client is not >> visible on the posix-side (i.e. not reflected on the fileserver or >> on a NFS4-client using getfacl or nfs4_getfacl) >> >> >> Do I make some trivial mistake, is it just the samba4 version used or is >> it in general not longer possible/supported to restrict Samba to >> Posix-ACLs understood in an ext4-enviroment? Thanks for any hint. >> >> OS: Ubuntu 14.04 LTS , >> Samba: samba 2:4.1.6+dfsg-1ubuntu2 >> <https://forums.linuxmint.com/viewtopic.php?f=157&p=1159792#p1159792> >> >> /etc/fstab: >> >> /dev/m1404-filea-vg1/dist_it_test2 >> /dist/it_test2 ext3 >> acl,usrjquota=aquota.user,jqfmt=vfsv0 0 0 >> >> /etc/samba/smb.conf: >> >> ... >> # vfs objects = acl_xattr >> map acl inherit = yes >> store dos attributes = yes >> ... >> >> > > Hi, > > We use POSIX ACLs and they seem to work. > > map acl inherit = Yes > nt acl support = yes > > but *not* > > vfs objects = acl_xattr > > Cheers > > Alex > -- > This message is intended only for the addressee and may contain > confidential information. Unless you are that person, you may not > disclose its contents or use it in any way and are requested to delete > the message along with any attachments and notify us immediately. > This email is not intended to, nor should it be taken to, constitute > advice. > The information provided is correct to our knowledge & belief and must > not > be used as a substitute for obtaining tax, regulatory, investment, > legal or > any other appropriate advice. > > "Transact" is operated by Integrated Financial Arrangements Ltd. > 29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) > 7608 5300. > (Registered office: as above; Registered in England and Wales under > number: 3727592). Authorised and regulated by the Financial Conduct > Authority (entered on the Financial Services Register; no. 190856). >-- ________________________________________________________________________ Dipl.-Ing.(FH) Reinald Gfuellner http://www.rcs.ei.tum.de Institute for Real-Time Computer Systems (RCS) fon +49-89-289-23564 Technische Universitaet Muenchen, D-80290 Muenchen fax +49-89-289-23555