On Wed, Apr 07, 2010 at 07:50:37AM -0400, Nico Kadel-Garcia wrote: > I'm reviewing some corporate storage setups involving NetApps, where > the NetApp stores what they call "UNIX Qtrees". So far, so good: those > allow the setting of access to the data with NFS4 ACL's, which are > fairly sophisticated and allow multiple groups or even multiple users > to be granted write access.or read access, besides the normal UNIX > group owner. That works fine. > > But we'd like Windows clients to be able to *read* this information. > Not necessarily to be able to reset it, although that would be nice. > But to *read* the directory and file permissions and see who owns it. > The groups and users are synced between the Active Directory domain > and the NetApp's with fairly sophisticated NIS middleware, but the > Windows CIFS clients can't see the details of file ownership. I've > noted some discussion in the mailing list logs for NFS4 ACL patches > but I'm not aware of anyone reporting on this feature. > > My first tests with Samba 3.0.33 or the "samba3x-3.3.8" package on > RHEL 5 don't seem to show any improvements. But I'm not sure if there > are more recent releases, or flags I should be using, to make that > security data visible to Windows users. Does anyone here have > suggestions on upgrades or settings to support this? Or even know if > it's feasible?
As long as the Kernel does not pass the requests through to user-space via some API, I would guess it is highly unlikely that this can be passed to the Windows clients. Maybe at some point it would be necessary to write a full NFSv 3 and 4 client as a Samba user-space VFS module, so that we are independent of the kernel and have access to the only specified NFSv4 ACL interface, the on-the-wire protocol :-) Volker
signature.asc
Description: Digital signature
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
