ACLs in windows clients w/ GPFS
in [Samba]
|
Prev: [Samba] Samba Windows Domain Member Server & Windows 7 Clients
Next: PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04
From: Orlando Richards on 28 May 2010 05:10 On -10/01/37 20:59, big beer wrote: > Hello list, > > I've got a ctdb cluster working against a GPFS cluster. I've got ACLs > going and have set the default/active ACLs on my folders. The ACLs > seem to be working fine, they are correctly limiting/allowing access > to the said folders/files. > > My issue is that when using the windows client to view/change the ACLs > everything goes south. When trying to view the ACLs via right clicking > on the folder in windows and going to the security tab only shows the > basic unix permissions (owner/group/other). If I try to add a new user > to the ACL via windows it still won't show up in the security window > after adding. When going back to a shell and looking at the ACLs on > the folder in question the new user is present, but the previous ACLs > have been removed. > > Any thoughts on how to get these ACLs to show/work through a windows client? > > Thanks! > Hi Big (!), I've got it working at the moment - here are some relevant settings from my smb.conf. Make sure your filesystem is set to use NFSv4 ACLs ("-k nfs4", or possibly "-k all"). vfs objects = gpfs fileid shadow_copy2 nfs4: mode = special nfs4: chown = yes nfs4: acedup = merge force unknown acl user = yes acl group control = true map acl inherit = yes inherit acls = no dos filemode = no I'm using samba 3.4.5-42 -- Orlando. -- -- Dr Orlando Richards Information Services IT Infrastructure Division Unix Section Tel: 0131 650 4994 The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: big beer on 28 May 2010 12:00
On Fri, May 28, 2010 at 1:31 AM, Orlando Richards <orlando.richards(a)ed.ac.uk> wrote: > On -10/01/37 20:59, big beer wrote: >> >> Hello list, >> >> I've got a ctdb cluster working against a GPFS cluster. I've got ACLs >> going and have set the default/active ACLs on my folders. The ACLs >> seem to be working fine, they are correctly limiting/allowing access >> to the said folders/files. >> >> My issue is that when using the windows client to view/change the ACLs >> everything goes south. When trying to view the ACLs via right clicking >> on the folder in windows and going to the security tab only shows the >> basic unix permissions (owner/group/other). If I try to add a new user >> to the ACL via windows it still won't show up in the security window >> after adding. When going back to a shell and looking at the ACLs on >> the folder in question the new user is present, but the previous ACLs >> have been removed. >> >> Any thoughts on how to get these ACLs to show/work through a windows >> client? >> >> Thanks! >> > > Hi Big (!), > > I've got it working at the moment - here are some relevant settings from my > smb.conf. Make sure your filesystem is set to use NFSv4 ACLs ("-k nfs4", or > possibly "-k all"). > > vfs objects = gpfs fileid shadow_copy2 > nfs4: mode = special > nfs4: chown = yes > nfs4: acedup = merge > force unknown acl user = yes > acl group control = true > map acl inherit = yes > inherit acls = no > dos filemode = no > > I'm using samba 3.4.5-42 > > -- > Orlando. > > > > -- > -- > Dr Orlando Richards > Information Services > IT Infrastructure Division > Unix Section > Tel: 0131 650 4994 > > The University of Edinburgh is a charitable body, registered in Scotland, > with registration number SC005336. > It was the -k setting on the FS. I was running with -k all and trying to use POSIX ACLs. After changing over to -k nfs4 and putting nfs4 ACLs on the FS it works as expected. I guess the GPFS module doesn't work with POSIX ACLs? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |