Re: [Samba] Samba 3.6 directory ACLs
Dear Jeremy Here you go :-). Download the jumbo patch for 3.5.6 here: http://samba.org/~jra/samba-3-5-x-acl-jumbo-patch.tgz Please test and give me feedback ! Thank you for caring about this. I successfully patched the source code. Unfortunately, when I tried to compile it, I hit some obstacles. I solved some of them until one came that I am unable to surmount, because my skills are not up to what's needed. I am a sysadmin, not a programmer... A former compilation succeeded but it had no LDAP and no Kerberos. After installing some packages, LDAP passed but compilation failed with this error: cifs.upcall.c:(.text+0x360): undefined reference to `smb_krb5_principal_get_realm' cifs.upcall.c:(.text+0x3d3): undefined reference to `smb_krb5_unparse_name' collect2: ld returned 1 exit status make: *** [bin/cifs.upcall] Error 1 So, for me the best bet is this: are you willing to include these patches in the next release of Samba (3.5.7 ?)? Nevertheless, I thank you for your commitment. I am sure that others will greatly benefit from this work right now. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6 directory ACLs
On Tue, Oct 26, 2010 at 07:51:45PM +0100, Miguel Medalha wrote: Dear Jeremy Here you go :-). Download the jumbo patch for 3.5.6 here: http://samba.org/~jra/samba-3-5-x-acl-jumbo-patch.tgz Please test and give me feedback ! Thank you for caring about this. I successfully patched the source code. Unfortunately, when I tried to compile it, I hit some obstacles. I solved some of them until one came that I am unable to surmount, because my skills are not up to what's needed. I am a sysadmin, not a programmer... A former compilation succeeded but it had no LDAP and no Kerberos. After installing some packages, LDAP passed but compilation failed with this error: cifs.upcall.c:(.text+0x360): undefined reference to `smb_krb5_principal_get_realm' cifs.upcall.c:(.text+0x3d3): undefined reference to `smb_krb5_unparse_name' collect2: ld returned 1 exit status make: *** [bin/cifs.upcall] Error 1 Check your configure. You shouldn't need to be compiling cifs.upcall to test this. So, for me the best bet is this: are you willing to include these patches in the next release of Samba (3.5.7 ?)? Yes, so long as all testing passes. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6 directory ACLs
So, for me the best bet is this: are you willing to include these patches in the next release of Samba (3.5.7 ?)? Yes, so long as all testing passes. Ok, I managed to compile everything. I will start testing soon. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6 directory ACLs
On Mon, Oct 18, 2010 at 11:33:34PM +0100, Miguel Medalha wrote: FYI. I've just committed a jumbo ACL patch for v3-6-test (and am currently looking at backporting this to 3.5.x) which I hope will fix several issues with storing ACLs in xattrs and getting full Windows ACL compatibility. That would be *very* nice, especially the backporting to 3.5.x part! Here you go :-). Download the jumbo patch for 3.5.6 here: http://samba.org/~jra/samba-3-5-x-acl-jumbo-patch.tgz Please test and give me feedback ! Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6 directory ACLs
I had not realized that the ACL module would store both sets of information. Please note that I *didn't* state that. What I said is that you can use Extended Attributes to *also* store ACL information. ACL information will be stored under a different attribute, which in this case is called security.NTACL. Most Samba VFS modules are stackable. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6 directory ACLs
While testing my Samba configuration, I found that permissions are being set to 'special' for directories being copied from Windows instead of the ACL being fully populated. Does Samba 3.6 fully implement ACLS, or are there further configuration steps for storing the ACL information for directories Of course you are aware that the normal Windows behavior, which Samba emulates, is to keep ACLs when files are *moved* and modify them according to those of the destination when files are *copied*? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6 directory ACLs
On Sun, Oct 17, 2010 at 04:04:29AM -0700, Derek Lewis wrote: I have ACLs working for files with the following set in my share definitions: inherit permissions = yes inherit acls=yes map acl inherit=yes vfs_objects = acl_tdb While testing my Samba configuration, I found that permissions are being set to 'special' for directories being copied from Windows instead of the ACL being fully populated. Does Samba 3.6 fully implement ACLS, or are there further configuration steps for storing the ACL information for directories? FYI. I've just committed a jumbo ACL patch for v3-6-test (and am currently looking at backporting this to 3.5.x) which I hope will fix several issues with storing ACLs in xattrs and getting full Windows ACL compatibility. I'll ping the lists when I want wider testing (still ensuring it all works at the moment). Cheers, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6 directory ACLs
FYI. I've just committed a jumbo ACL patch for v3-6-test (and am currently looking at backporting this to 3.5.x) which I hope will fix several issues with storing ACLs in xattrs and getting full Windows ACL compatibility. That would be *very* nice, especially the backporting to 3.5.x part! Thank you! (By the way: is there some tool that can manage the ACLs stored in Extended Attributes from the Linux command line? That would give us the best of both worlds: Windows compatibility and ACL setting from the server side. I know it is possible to use getfattr/setfattr but this is not very friendly, is it? Also, a module providing those ACLs to Linux so that, for example, SSH or FTP could use them, would be very interesting. Am I asking too much or is this in some way irrelevant?) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.6 directory ACLs
I have ACLs working for files with the following set in my share definitions: inherit permissions = yes inherit acls=yes map acl inherit=yes vfs_objects = acl_tdb While testing my Samba configuration, I found that permissions are being set to 'special' for directories being copied from Windows instead of the ACL being fully populated. Does Samba 3.6 fully implement ACLS, or are there further configuration steps for storing the ACL information for directories? Note, I have used a TDB for ACLs since I have extended attributes enabled on the file system level to store timestamp information. Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6 directory ACLs
On 17 October 2010 13:04, Derek Lewis dle...@mtu.edu wrote: [...] Note, I have used a TDB for ACLs since I have extended attributes enabled on the file system level to store timestamp information. I could be wrong, but I think the tdb is for if your filesystem does NOT support extended attributes. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6 directory ACLs
Note, I have used a TDB for ACLs since I have extended attributes enabled on the file system level to store timestamp information. As Michael Wood pointed out in a reply to you, the tdb is to be used when your filesystem does NOT support extended attributes. You can use Extended Attributes to store your timestamp information *and* ACLs, using the ACL_XATTR vfs module. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba