Felix Stolte
2018-Jun-14 14:28 UTC
[Samba] ACL Anomaly with vfs_acl_xattr on ocfs2 volumes running on ubuntu 18.04
Hello everyone, we are running a CTDB cluster and share folders on ocfs2 volumes via samba using the vfs acl_xattr to store acls in extended attributes. It works fine with Ubuntu 16.04 LTS. I'm currently testing 18.04 and have a weird (but reproducable) ACL behaviour: I grant two users a and user b full access on a folder from a windows client. (Share permissions are fullcontrol for everyone). If the folder is owned by user A, user B can change into it, but is not allowed to create files or folders. He is however allowed to delete files and folders. This is only on ocfs2 formated volumes, on ext4 or cephfs ACLs work as expected. Anybody ran into the same issue and has a solution for this? Best regards Felix -- Felix Stolte IT-Services Forschungszentrum Jülich GmbH 52425 Jülich Sitz der Gesellschaft: Jülich Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir. Dr. Karl Eugen Huthmacher Geschäftsführung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt
Jeremy Allison
2018-Jun-14 23:58 UTC
[Samba] ACL Anomaly with vfs_acl_xattr on ocfs2 volumes running on ubuntu 18.04
On Thu, Jun 14, 2018 at 04:28:51PM +0200, Felix Stolte via samba wrote:> Hello everyone, > > we are running a CTDB cluster and share folders on ocfs2 volumes via samba > using the vfs acl_xattr to store acls in extended attributes. It works fine > with Ubuntu 16.04 LTS. I'm currently testing 18.04 and have a weird (but > reproducable) ACL behaviour: I grant two users a and user b full access on a > folder from a windows client. (Share permissions are fullcontrol for > everyone). If the folder is owned by user A, user B can change into it, but > is not allowed to create files or folders. He is however allowed to delete > files and folders. > > This is only on ocfs2 formated volumes, on ext4 or cephfs ACLs work as > expected. Anybody ran into the same issue and has a solution for this?Hi Felix, not many people have experience with Sama on ocfs2. I suggest getting debug level 10 logs between 16.04 where it works and 18.04 where it fails and look for the difference.