viewing, if not editing, NFSv4 ACL's from Samba shares
in [Samba]
|
From: Jeremy Allison on 20 Apr 2010 18:10 On Tue, Apr 20, 2010 at 05:31:03PM -0400, Nico Kadel-Garcia wrote: > For any file or directory where NFSv4 ACL's have been specifically > set, if I use a Windows XP client to look up "Properties" on the > object, I see no "Security" tab at all. Oh, I see. Noticed in a reply to Volker that you're using RHEL, not Solaris. The zfs acl module only (naturally) works on Solaris, it uses Solaris specific calls. We don't (yet) have a module to map NFSv4 ACLs on Linux to Windows ACL displays. Should just be a (haha:-) simple matter of changing the AIX or Solaris module to use the Linux NFSv4 ACL API. Is one standardized yet ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Jeremy Allison on 20 Apr 2010 18:20 On Tue, Apr 20, 2010 at 05:20:47PM -0400, Nico Kadel-Garcia wrote: > RHEL 5. It's why I've been writing lately about the tI've been > avoiding Solaris as file servers since I wrote one of the first Samba > ports for SunOS 4.1.2, way back in the 1990's. Ok, how are you mounting the NetApp NFSv4 shares ? Are you using an NFSv4 client built into RHEL ? Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Jeremy Allison on 20 Apr 2010 18:30 On Tue, Apr 20, 2010 at 11:31:47PM +0200, Volker Lendecke wrote: > On Tue, Apr 20, 2010 at 05:20:47PM -0400, Nico Kadel-Garcia wrote: > > Nope. I really, really wish it did. The relevant clients are Windows > > XP, if that has any role. And I've confirmed that the files and > > directories generated do follow the NFSv4 ACL policies. > > And they don't allow to modify them? That's strange. > > > As a relatively ignorant user, I wonder if mapping for display might > > be considered too awkward. NFSv4 ACL's are storead as > > 'username(a)domain', rather than as 'username', and Windows doesn't seem > > to have the same concept of ordering of ACL's as NFSv4 has, so it > > could be pretty tricky. > > ACL ordering is one of the nastiest pieces of NFSv4/Windows > ACL interop. But you can't do much about that. > > > > What platform is your Samba server running on? Is this > > > Solaris? > > > > RHEL 5. It's why I've been writing lately about the tI've been > > avoiding Solaris as file servers since I wrote one of the first Samba > > ports for SunOS 4.1.2, way back in the 1990's. > > I thought it was Solaris because you've got the zfsacl > module activated. > > I was told today that the Linux NFSv4 client file system > passes the ACLs as xattrs to user space. So it should "just" > be a matter of writing a VFS module to get what you want. > Probably very few days of coding. If just had time... Oh, I've found the source code. It's horrifying :-). They read and write the xattr system.nfs4_acl as an xdr encoded blob. There's no library API at all, as far as I can see, it's all hand marshalling for the two binaries nfs4_setfacl and nfs4_getfacl. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
First
|
Prev
|
Pages: 1 2 Prev: [Samba] viewing, if not editing, NFSv4 ACL's from Samba shares Next: offline logon in 3.4.7-58 |