[Samba] Does control of NFS4 ACL's from NetApps work for RHEL Samba servers with Windows XP clients at all?

2010-04-07 Thread Nico Kadel-Garcia
Good morning!

I'm reviewing some corporate storage setups involving NetApps, where
the NetApp stores what they call UNIX Qtrees. So far, so good: those
allow the setting of access to the data with NFS4 ACLs, which are
fairly sophisticated and allow multiple groups or even multiple users
to be granted write access or read access, besides the normal UNIX
group owner. That works fine.

But we'd like Windows clients to be able to *read* this information.
Not necessarily to be able to reset it, although that would be nice.
But to *read* the directory and file permissions and see who owns it.
The groups and users are synced between the Active Directory domain
and the NetApps with fairly sophisticated NIS middleware, but the
Windows CIFS clients can't see the details of file ownership. I've
noted some discussion in the mailing list logs for NFS4 ACL patches
but I'm not aware of anyone reporting on this feature.

My first tests with Samba 3.0.33 or the samba3x-3.3.8 package on
RHEL 5 don't seem to show any improvements. But I'm not sure if there
are more recent releases, or flags I should be using, to make that
security data visible to Windows users. Does anyone here have
suggestions on upgrades or settings to support this? Or even know if
it's feasible?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Does control of NFS4 ACL's from NetApps work for RHEL Samba servers with Windows XP clients at all?

2010-04-07 Thread Volker Lendecke
On Wed, Apr 07, 2010 at 07:50:37AM -0400, Nico Kadel-Garcia wrote:
> I'm reviewing some corporate storage setups involving NetApps, where
> the NetApp stores what they call UNIX Qtrees. So far, so good: those
> allow the setting of access to the data with NFS4 ACLs, which are
> fairly sophisticated and allow multiple groups or even multiple users
> to be granted write access or read access, besides the normal UNIX
> group owner. That works fine.
>
> But we'd like Windows clients to be able to *read* this information.
> Not necessarily to be able to reset it, although that would be nice.
> But to *read* the directory and file permissions and see who owns it.
> The groups and users are synced between the Active Directory domain
> and the NetApps with fairly sophisticated NIS middleware, but the
> Windows CIFS clients can't see the details of file ownership. I've
> noted some discussion in the mailing list logs for NFS4 ACL patches
> but I'm not aware of anyone reporting on this feature.
>
> My first tests with Samba 3.0.33 or the samba3x-3.3.8 package on
> RHEL 5 don't seem to show any improvements. But I'm not sure if there
> are more recent releases, or flags I should be using, to make that
> security data visible to Windows users. Does anyone here have
> suggestions on upgrades or settings to support this? Or even know if
> it's feasible?

As long as the Kernel does not pass the requests through to
user-space via some API, I would guess it is highly unlikely
that this can be passed to the Windows clients. Maybe at
some point it would be necessary to write a full NFSv3 and 4
client as a Samba user-space VFS module, so that we are
independent of the kernel and have access to the only
specified NFSv4 ACL interface, the on-the-wire protocol :-)

Volker

