For our HPC shares, we just implement one group per folder, essentially POSIX permissions. Few groups want smb access.
Nearly all other shares are just SMB. Of course its the most important one that uses smb and NFS! Surely there must a be a guidance document on setting up dual protocol shares. Kindest regards, Paul Paul Ward TS Infrastructure Architect Natural History Museum T: 02079426450 E: [email protected] -----Original Message----- From: gpfsug-discuss <[email protected]> On Behalf Of Tagliavini, Enrico Sent: 19 September 2022 08:42 To: [email protected] Subject: Re: [gpfsug-discuss] Supported samba options We run stock Samba (not CES), with vfs_gpfs module enabled and we use POSIX ACL, it works well. Granted Windows permission do not map 1:1 to the POSIX ACL, some options will do nothing, but that's acceptable for us and avoid the use of the NFSv4 ACL, which are not supported by pretty much any common tool (e.g. rsync). -- Enrico Tagliavini Systems / Software Engineer [email protected] Friedrich Miescher Institute for Biomedical Research Informatics Maulbeerstrasse 66 4058 Basel Switzerland On Fri, 2022-09-16 at 22:40 +0100, Jonathan Buzzard wrote: > On 16/09/2022 11:02, Paul Ward wrote: > > > > Thanks Christof, > > > > But we are already using 'hosts deny', 'hosts allow' and 'valid users' > > which appear to have been implemented. > > Is there a document showing what is implemented, rather than just supported. > > > > If there are supported commands, that replace the three I have mentioned > > (and force user/ force group) please let me know. > > > > We have shares where we want to restrict access to one of more servers, no > > password required. > > And shares where we want to restrict access to multiple AD users, currently > > not specified in AD groups, although that is an option. > > > > In my experience, though this was all many years ago, as I have not > run Samba on GPFS for over a decade now (it's about to change as I am > in the process of setting up some protocol nodes) the force user, etc. > etc. did not work well. > > The "right" solution is or certainly was to use NFSv4 ACL's and the > vfs_gpfs module to make it all work as near as possible to a Windows server. > > I of course had the realization a couple of days ago that I am going > to have to put NFSv4 ACL's on everything in the file system which > means backing it all up again :-( > > > JAB. > _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at gpfsug.org https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgpfsug.org%2Fmailman%2Flistinfo%2Fgpfsug-discuss_gpfsug.org&data=05%7C01%7Cp.ward%40nhm.ac.uk%7Cd80e103e060641ee84d308da9a12af35%7C73a29c014e78437fa0d4c8553e1960c1%7C1%7C0%7C637991702285798537%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=39Sy9QokhwXaFnobEWiyI7XAgzGEEluwUx6T%2FradXyg%3D&reserved=0 _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at gpfsug.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org
