We run stock Samba (not CES), with vfs_gpfs module enabled and we use POSIX ACL, it works well. Granted Windows permission do not map 1:1 to the POSIX ACL, some options will do nothing, but that's acceptable for us and avoid the use of the NFSv4 ACL, which are not supported by pretty much any common tool (e.g. rsync).
-- Enrico Tagliavini Systems / Software Engineer [email protected] Friedrich Miescher Institute for Biomedical Research Informatics Maulbeerstrasse 66 4058 Basel Switzerland On Fri, 2022-09-16 at 22:40 +0100, Jonathan Buzzard wrote: > On 16/09/2022 11:02, Paul Ward wrote: > > > > Thanks Christof, > > > > But we are already using 'hosts deny', 'hosts allow' and 'valid users' > > which appear to have been implemented. > > Is there a document showing what is implemented, rather than just supported. > > > > If there are supported commands, that replace the three I have mentioned > > (and force user/ force group) please let me know. > > > > We have shares where we want to restrict access to one of more servers, no > > password required. > > And shares where we want to restrict access to multiple AD users, currently > > not specified in AD groups, although that is an option. > > > > In my experience, though this was all many years ago, as I have not run > Samba on GPFS for over a decade now (it's about to change as I am in the > process of setting up some protocol nodes) the force user, etc. etc. did > not work well. > > The "right" solution is or certainly was to use NFSv4 ACL's and the > vfs_gpfs module to make it all work as near as possible to a Windows server. > > I of course had the realization a couple of days ago that I am going to > have to put NFSv4 ACL's on everything in the file system which means > backing it all up again :-( > > > JAB. > _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at gpfsug.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org
