Re: [Samba] windows and nfs4 acls

[steve]

On 03/01/2012 01:06 AM, Ali Bendriss wrote:

We want a folder where files are created group rw from a base filesystem:
ext4 (rw,noatime,commit=120,errors=remount-ro,user_xattr,commit=0)

Hi,

I can't see the acl mount option on your options list.
Have you tried setting it ?

--
Ali

Hi
Thanks for the hint. It pointed us in the rigt direction. It must be a 
default beacuse adding it to fstab makes no difference. There's 
something about acl and xattr being mutually exclusive, or exclusive to 
when the fs was built and when it is mounted.


Anyway, it seems that on openSUSE, the default for any nfs command is 
the highest available number. Meaning that even if you specify nfs3, the 
mount is still nfs4. You have to specifically tell it in 
/etc/sysconfig/nfs. Not an easy one to spot.

Cheers,
Steve

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] windows and nfs4 acls

[James D. Parra]

Anyway, it seems that on openSUSE, the default for any nfs command is 
the highest available number. Meaning that even if you specify nfs3, the 
mount is still nfs4. You have to specifically tell it in 
/etc/sysconfig/nfs. Not an easy one to spot.
~~~

Hello,

In /etc/fstab I use 'nfsvers=3' to force nfs 3 mounts. For example;

hostname:/nfs3/share_name   /mnt/share_namenfs nfsvers=3,tcp 0 0

That worked for me.

Best regards,

James
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] windows and nfs4 acls

[steve]

On 03/01/2012 08:13 PM, James D. Parra wrote:

Anyway, it seems that on openSUSE, the default for any nfs command is
the highest available number. Meaning that even if you specify nfs3, the
mount is still nfs4. You have to specifically tell it in
/etc/sysconfig/nfs. Not an easy one to spot.
~~~

Hello,

In /etc/fstab I use 'nfsvers=3' to force nfs 3 mounts. For example;

hostname:/nfs3/share_name   /mnt/share_namenfs nfsvers=3,tcp 0 0

That worked for me.

Best regards,

James

Thanks James. Got it.

But what a pity about the incompatible-with-everything-else nfs4 acls.
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] windows and nfs4 acls

[steve]

On 02/28/2012 06:45 PM, Jeremy Allison wrote:

On Tue, Feb 28, 2012 at 06:37:21PM +0100, Gémes Géza wrote:

2012-02-28 08:27 keltezéssel, steve írta:

Hi everyone

We're really struggling with nfs4--  windows acls.

Scenario
  Samba4 share --  cifs --  win7. No problem
  Samba4 share --  nfs4 --  Linux. acls not inherited
Neither is there inheritance vica versa.

  e.g. It is not possible to create files with group rw on a umask 0022
nfs4 share. nfs4_setfacl cannot override umask. Using POSIX or windows
acls this works fine. I've approached the nfs4 devs and they've said
that they'll look into it, but so far. Exporting nfs4 with -o noacl
(in the hope that the windows acl would take effect) has no effect.

1. Is it possible to get Samba to override the nfs4 acl and use
whatever I've set on windows security acl instead?
2. Is there a way to export a single directory with a umask of my choice?
3. Would it be reasonable to ask my distro (openSUSE) to consider this
problem as a feature request? Perhaps as a patch over nfs4_setfacl?
Thanks,
L  S at lcb


IMHO Samba4 sets the windows (non posix) acls as extended attributes. In
order to get them applied o the Linux (or NFS4) side there should be a
Linux kernel security module (LSM) which would override the posix acls.

If RichACLs gets adopted (I'm assuming this will be the
same model as NFSv4) then we'll just add a Samba VFS
module to map incoming Windows ACLs to RichACLs.

Jeremy.

Hi everyone

This really is a hopeless situation at the moment. The nfs devs have 
suggested I switch from the secure nfs4 to nfs3 so I can use posix acls. 
This does not work however. I use setfacl on a folder. As soon as it is 
mounted nfs3 (or4) the acl is lost. openSUSE and Ubuntu alike.


The devs of the various filesystems seem to be working in isolation. We 
feel trapped and can't see a way out. I wonder if this is due to us 
asking poor questions? Could I simplify?


We want a folder where files are created group rw from a base filesystem:
ext4 (rw,noatime,commit=120,errors=remount-ro,user_xattr,commit=0)

Samba4 -- Win7 acl=OK
The same Samba4 server internal posix acl on ext4 acl=OK
The same folder on the same server mounted nfs acl=destroyed

Have I overlooked anything here?

Thanks for your time,
Steve

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] windows and nfs4 acls

[steve]

On 02/29/2012 10:28 PM, steve wrote:

On 02/28/2012 06:45 PM, Jeremy Allison wrote:

On Tue, Feb 28, 2012 at 06:37:21PM +0100, Gémes Géza wrote:

2012-02-28 08:27 keltezéssel, steve írta:

Hi everyone

We're really struggling with nfs4--  windows acls.

Scenario
  Samba4 share --  cifs --  win7. No problem
  Samba4 share --  nfs4 --  Linux. acls not inherited
Neither is there inheritance vica versa.

  e.g. It is not possible to create files with group rw on a umask 
0022

nfs4 share. nfs4_setfacl cannot override umask. Using POSIX or windows
acls this works fine. I've approached the nfs4 devs and they've said
that they'll look into it, but so far. Exporting nfs4 with -o noacl
(in the hope that the windows acl would take effect) has no effect.

1. Is it possible to get Samba to override the nfs4 acl and use
whatever I've set on windows security acl instead?
2. Is there a way to export a single directory with a umask of my 
choice?

3. Would it be reasonable to ask my distro (openSUSE) to consider this
problem as a feature request? Perhaps as a patch over nfs4_setfacl?
Thanks,
L  S at lcb

IMHO Samba4 sets the windows (non posix) acls as extended 
attributes. In

order to get them applied o the Linux (or NFS4) side there should be a
Linux kernel security module (LSM) which would override the posix acls.

If RichACLs gets adopted (I'm assuming this will be the
same model as NFSv4) then we'll just add a Samba VFS
module to map incoming Windows ACLs to RichACLs.

Jeremy.

Hi everyone

This really is a hopeless situation at the moment. The nfs devs have 
suggested I switch from the secure nfs4 to nfs3 so I can use posix 
acls. This does not work however. I use setfacl on a folder. As soon 
as it is mounted nfs3 (or4) the acl is lost. openSUSE and Ubuntu alike.


The devs of the various filesystems seem to be working in isolation. 
We feel trapped and can't see a way out. I wonder if this is due to us 
asking poor questions? Could I simplify?


We want a folder where files are created group rw from a base filesystem:
ext4 (rw,noatime,commit=120,errors=remount-ro,user_xattr,commit=0)

Samba4 -- Win7 acl=OK
The same Samba4 server internal posix acl on ext4 acl=OK
The same folder on the same server mounted nfs acl=destroyed

Have I overlooked anything here?

Thanks for your time,
Steve



Ironically, I've just noticed:
NTVFS backend 'xattr' registered
NTVFS backend 'nfs4acl' registered
from samba -i -d3

Does this mean anything to anyone?
Thanks
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] windows and nfs4 acls

[Gémes Géza]

2012-02-28 08:27 keltezéssel, steve írta:
 Hi everyone

 We're really struggling with nfs4 -- windows acls.

 Scenario
  Samba4 share -- cifs -- win7. No problem
  Samba4 share -- nfs4 -- Linux. acls not inherited
 Neither is there inheritance vica versa.

  e.g. It is not possible to create files with group rw on a umask 0022
 nfs4 share. nfs4_setfacl cannot override umask. Using POSIX or windows
 acls this works fine. I've approached the nfs4 devs and they've said
 that they'll look into it, but so far. Exporting nfs4 with -o noacl
 (in the hope that the windows acl would take effect) has no effect.

 1. Is it possible to get Samba to override the nfs4 acl and use
 whatever I've set on windows security acl instead?
 2. Is there a way to export a single directory with a umask of my choice?
 3. Would it be reasonable to ask my distro (openSUSE) to consider this
 problem as a feature request? Perhaps as a patch over nfs4_setfacl?
 Thanks,
 L  S at lcb

IMHO Samba4 sets the windows (non posix) acls as extended attributes. In
order to get them applied o the Linux (or NFS4) side there should be a
Linux kernel security module (LSM) which would override the posix acls.

Regards

Geza
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] windows and nfs4 acls

[Jeremy Allison]

On Tue, Feb 28, 2012 at 06:37:21PM +0100, Gémes Géza wrote:
 2012-02-28 08:27 keltezéssel, steve írta:
  Hi everyone
 
  We're really struggling with nfs4 -- windows acls.
 
  Scenario
   Samba4 share -- cifs -- win7. No problem
   Samba4 share -- nfs4 -- Linux. acls not inherited
  Neither is there inheritance vica versa.
 
   e.g. It is not possible to create files with group rw on a umask 0022
  nfs4 share. nfs4_setfacl cannot override umask. Using POSIX or windows
  acls this works fine. I've approached the nfs4 devs and they've said
  that they'll look into it, but so far. Exporting nfs4 with -o noacl
  (in the hope that the windows acl would take effect) has no effect.
 
  1. Is it possible to get Samba to override the nfs4 acl and use
  whatever I've set on windows security acl instead?
  2. Is there a way to export a single directory with a umask of my choice?
  3. Would it be reasonable to ask my distro (openSUSE) to consider this
  problem as a feature request? Perhaps as a patch over nfs4_setfacl?
  Thanks,
  L  S at lcb
 
 IMHO Samba4 sets the windows (non posix) acls as extended attributes. In
 order to get them applied o the Linux (or NFS4) side there should be a
 Linux kernel security module (LSM) which would override the posix acls.

If RichACLs gets adopted (I'm assuming this will be the
same model as NFSv4) then we'll just add a Samba VFS
module to map incoming Windows ACLs to RichACLs.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] windows and nfs4 acls

[steve]

Hi everyone

We're really struggling with nfs4 -- windows acls.

Scenario
 Samba4 share -- cifs -- win7. No problem
 Samba4 share -- nfs4 -- Linux. acls not inherited
Neither is there inheritance vica versa.

 e.g. It is not possible to create files with group rw on a umask 0022 
nfs4 share. nfs4_setfacl cannot override umask. Using POSIX or windows 
acls this works fine. I've approached the nfs4 devs and they've said 
that they'll look into it, but so far. Exporting nfs4 with -o noacl (in 
the hope that the windows acl would take effect) has no effect.


1. Is it possible to get Samba to override the nfs4 acl and use whatever 
I've set on windows security acl instead?

2. Is there a way to export a single directory with a umask of my choice?
3. Would it be reasonable to ask my distro (openSUSE) to consider this 
problem as a feature request? Perhaps as a patch over nfs4_setfacl?

Thanks,
L  S at lcb

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba