Ralph Boehme
2023-Aug-21 13:13 UTC
[Samba] ...or howto change vfs_acl_xattr options inplace without changing access rights
On 8/18/23 09:55, Sebastian Neustein via samba wrote:> With the default settings of vfs_acl_xattr samba takes posix acls into > account when delivering data - how can I activate > "acl_xattr:ignore system acls = yes" > without loosing the information saved in posix acls? Background: our > future file system won't be able to support acls.Sorry, but this is confusing? Why don't you want to loose POSIX ACLs when the new filesystem doesn't support them anyway? I would basically rsync, preserving xattrs, and set POSIX filesystem permissions to 0777/0666. vfs_acl_xattr will be serving NT ACLs from the migrated xattrs, ignoring filesystem permissions given that "acl_xattr:ignore system acls = yes" is set. -slow -- Meet us at Storage Developer Conference (SDC) On 18th to 21st September 2023 in Fremont, CA More information at https://samba.plus/events Meet us at the conference storage2day 2023! 26th & 27th September, in Frankfurt am Main Event on Storage Networks & Data Management Find more info at https://samba.plus/events Ralph Boehme, Samba Team https://samba.org/ SerNet Samba Team Lead https://sernet.de/en/ SAMBA+ Samba packages https://samba.plus/ SAMBA+ Webinar https://samba.plus/samba-webinars -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20230821/28bd3d06/OpenPGP_signature.sig>
Sebastian Neustein
2023-Aug-21 16:20 UTC
[Samba] ...or howto change vfs_acl_xattr options inplace without changing access rights
Hi Ralph> On 8/18/23 09:55, Sebastian Neustein via samba wrote: >> With the default settings of vfs_acl_xattr samba takes posix acls >> into account when delivering data - how can I activate >> "acl_xattr:ignore system acls = yes" >> without loosing the information saved in posix acls? Background: our >> future file system won't be able to support acls. > > Sorry, but this is confusing? Why don't you want to loose POSIX ACLs > when the new filesystem doesn't support them anyway? > > I would basically rsync, preserving xattrs, and set POSIX filesystem > permissions to 0777/0666. vfs_acl_xattr will be serving NT ACLs from > the migrated xattrs, ignoring filesystem permissions given that > "acl_xattr:ignore system acls = yes" is set.The storage has come a long way with various changes of the smb.conf. It is possible that at the time of creation of a file/directory vfs_acl_xattr was not active. This could mean that the directory does not have any extended attributes written to it and ACLs are only defined with POSIX ACLs. In this case I would need a trigger to write the information stored in POSIX ACLs into the extended attributes. Is there anything like this? By the way, does vfs_acl_xattr always write the extended attribute in the same way, no matter if "ignore system acls" is activated or not? I assumed that samba/vfs_acl_xattr would set the POSIX ACLs first and write all the _other_ information in the extended attributes. Maybe a silly assumption... Thank you for your help! Sebastian -- Sebastian Neustein Airport Research Center GmbH Bismarckstra?e 61 52066 Aachen Germany Phone: +49 241 16843-23 Fax: +49 241 16843-19 e-mail: sebastian.neustein at arc-aachen.de Website: http://www.airport-consultants.com Register Court: Amtsgericht Aachen HRB 7313 Ust-Id-No.: DE196450052 Managing Director: Dipl.-Ing. Tom Alexander Heuer
Seemingly Similar Threads
- ...or howto change vfs_acl_xattr options inplace without changing access rights
- ...or howto change vfs_acl_xattr options inplace without changing access rights
- ...or howto change vfs_acl_xattr options inplace without changing access rights
- vfs_shadow_copy2 cannot read/find snapshots
- vfs_shadow_copy2 cannot read/find snapshots