Re: [Samba] windows and nfs4 acls
On 03/01/2012 01:06 AM, Ali Bendriss wrote: We want a folder where files are created group rw from a base filesystem: ext4 (rw,noatime,commit=120,errors=remount-ro,user_xattr,commit=0) Hi, I can't see the acl mount option on your options list. Have you tried setting it ? -- Ali Hi Thanks for the hint. It pointed us in the rigt direction. It must be a default beacuse adding it to fstab makes no difference. There's something about acl and xattr being mutually exclusive, or exclusive to when the fs was built and when it is mounted. Anyway, it seems that on openSUSE, the default for any nfs command is the highest available number. Meaning that even if you specify nfs3, the mount is still nfs4. You have to specifically tell it in /etc/sysconfig/nfs. Not an easy one to spot. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows and nfs4 acls
Anyway, it seems that on openSUSE, the default for any nfs command is the highest available number. Meaning that even if you specify nfs3, the mount is still nfs4. You have to specifically tell it in /etc/sysconfig/nfs. Not an easy one to spot. ~~~ Hello, In /etc/fstab I use 'nfsvers=3' to force nfs 3 mounts. For example; hostname:/nfs3/share_name /mnt/share_namenfs nfsvers=3,tcp 0 0 That worked for me. Best regards, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows and nfs4 acls
On 03/01/2012 08:13 PM, James D. Parra wrote: Anyway, it seems that on openSUSE, the default for any nfs command is the highest available number. Meaning that even if you specify nfs3, the mount is still nfs4. You have to specifically tell it in /etc/sysconfig/nfs. Not an easy one to spot. ~~~ Hello, In /etc/fstab I use 'nfsvers=3' to force nfs 3 mounts. For example; hostname:/nfs3/share_name /mnt/share_namenfs nfsvers=3,tcp 0 0 That worked for me. Best regards, James Thanks James. Got it. But what a pity about the incompatible-with-everything-else nfs4 acls. Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows and nfs4 acls
On 02/28/2012 06:45 PM, Jeremy Allison wrote: On Tue, Feb 28, 2012 at 06:37:21PM +0100, Gémes Géza wrote: 2012-02-28 08:27 keltezéssel, steve írta: Hi everyone We're really struggling with nfs4-- windows acls. Scenario Samba4 share -- cifs -- win7. No problem Samba4 share -- nfs4 -- Linux. acls not inherited Neither is there inheritance vica versa. e.g. It is not possible to create files with group rw on a umask 0022 nfs4 share. nfs4_setfacl cannot override umask. Using POSIX or windows acls this works fine. I've approached the nfs4 devs and they've said that they'll look into it, but so far. Exporting nfs4 with -o noacl (in the hope that the windows acl would take effect) has no effect. 1. Is it possible to get Samba to override the nfs4 acl and use whatever I've set on windows security acl instead? 2. Is there a way to export a single directory with a umask of my choice? 3. Would it be reasonable to ask my distro (openSUSE) to consider this problem as a feature request? Perhaps as a patch over nfs4_setfacl? Thanks, L S at lcb IMHO Samba4 sets the windows (non posix) acls as extended attributes. In order to get them applied o the Linux (or NFS4) side there should be a Linux kernel security module (LSM) which would override the posix acls. If RichACLs gets adopted (I'm assuming this will be the same model as NFSv4) then we'll just add a Samba VFS module to map incoming Windows ACLs to RichACLs. Jeremy. Hi everyone This really is a hopeless situation at the moment. The nfs devs have suggested I switch from the secure nfs4 to nfs3 so I can use posix acls. This does not work however. I use setfacl on a folder. As soon as it is mounted nfs3 (or4) the acl is lost. openSUSE and Ubuntu alike. The devs of the various filesystems seem to be working in isolation. We feel trapped and can't see a way out. I wonder if this is due to us asking poor questions? Could I simplify? We want a folder where files are created group rw from a base filesystem: ext4 (rw,noatime,commit=120,errors=remount-ro,user_xattr,commit=0) Samba4 -- Win7 acl=OK The same Samba4 server internal posix acl on ext4 acl=OK The same folder on the same server mounted nfs acl=destroyed Have I overlooked anything here? Thanks for your time, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows and nfs4 acls
On 02/29/2012 10:28 PM, steve wrote: On 02/28/2012 06:45 PM, Jeremy Allison wrote: On Tue, Feb 28, 2012 at 06:37:21PM +0100, Gémes Géza wrote: 2012-02-28 08:27 keltezéssel, steve írta: Hi everyone We're really struggling with nfs4-- windows acls. Scenario Samba4 share -- cifs -- win7. No problem Samba4 share -- nfs4 -- Linux. acls not inherited Neither is there inheritance vica versa. e.g. It is not possible to create files with group rw on a umask 0022 nfs4 share. nfs4_setfacl cannot override umask. Using POSIX or windows acls this works fine. I've approached the nfs4 devs and they've said that they'll look into it, but so far. Exporting nfs4 with -o noacl (in the hope that the windows acl would take effect) has no effect. 1. Is it possible to get Samba to override the nfs4 acl and use whatever I've set on windows security acl instead? 2. Is there a way to export a single directory with a umask of my choice? 3. Would it be reasonable to ask my distro (openSUSE) to consider this problem as a feature request? Perhaps as a patch over nfs4_setfacl? Thanks, L S at lcb IMHO Samba4 sets the windows (non posix) acls as extended attributes. In order to get them applied o the Linux (or NFS4) side there should be a Linux kernel security module (LSM) which would override the posix acls. If RichACLs gets adopted (I'm assuming this will be the same model as NFSv4) then we'll just add a Samba VFS module to map incoming Windows ACLs to RichACLs. Jeremy. Hi everyone This really is a hopeless situation at the moment. The nfs devs have suggested I switch from the secure nfs4 to nfs3 so I can use posix acls. This does not work however. I use setfacl on a folder. As soon as it is mounted nfs3 (or4) the acl is lost. openSUSE and Ubuntu alike. The devs of the various filesystems seem to be working in isolation. We feel trapped and can't see a way out. I wonder if this is due to us asking poor questions? Could I simplify? We want a folder where files are created group rw from a base filesystem: ext4 (rw,noatime,commit=120,errors=remount-ro,user_xattr,commit=0) Samba4 -- Win7 acl=OK The same Samba4 server internal posix acl on ext4 acl=OK The same folder on the same server mounted nfs acl=destroyed Have I overlooked anything here? Thanks for your time, Steve Ironically, I've just noticed: NTVFS backend 'xattr' registered NTVFS backend 'nfs4acl' registered from samba -i -d3 Does this mean anything to anyone? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows and nfs4 acls
2012-02-28 08:27 keltezéssel, steve írta: Hi everyone We're really struggling with nfs4 -- windows acls. Scenario Samba4 share -- cifs -- win7. No problem Samba4 share -- nfs4 -- Linux. acls not inherited Neither is there inheritance vica versa. e.g. It is not possible to create files with group rw on a umask 0022 nfs4 share. nfs4_setfacl cannot override umask. Using POSIX or windows acls this works fine. I've approached the nfs4 devs and they've said that they'll look into it, but so far. Exporting nfs4 with -o noacl (in the hope that the windows acl would take effect) has no effect. 1. Is it possible to get Samba to override the nfs4 acl and use whatever I've set on windows security acl instead? 2. Is there a way to export a single directory with a umask of my choice? 3. Would it be reasonable to ask my distro (openSUSE) to consider this problem as a feature request? Perhaps as a patch over nfs4_setfacl? Thanks, L S at lcb IMHO Samba4 sets the windows (non posix) acls as extended attributes. In order to get them applied o the Linux (or NFS4) side there should be a Linux kernel security module (LSM) which would override the posix acls. Regards Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows and nfs4 acls
On Tue, Feb 28, 2012 at 06:37:21PM +0100, Gémes Géza wrote: 2012-02-28 08:27 keltezéssel, steve írta: Hi everyone We're really struggling with nfs4 -- windows acls. Scenario Samba4 share -- cifs -- win7. No problem Samba4 share -- nfs4 -- Linux. acls not inherited Neither is there inheritance vica versa. e.g. It is not possible to create files with group rw on a umask 0022 nfs4 share. nfs4_setfacl cannot override umask. Using POSIX or windows acls this works fine. I've approached the nfs4 devs and they've said that they'll look into it, but so far. Exporting nfs4 with -o noacl (in the hope that the windows acl would take effect) has no effect. 1. Is it possible to get Samba to override the nfs4 acl and use whatever I've set on windows security acl instead? 2. Is there a way to export a single directory with a umask of my choice? 3. Would it be reasonable to ask my distro (openSUSE) to consider this problem as a feature request? Perhaps as a patch over nfs4_setfacl? Thanks, L S at lcb IMHO Samba4 sets the windows (non posix) acls as extended attributes. In order to get them applied o the Linux (or NFS4) side there should be a Linux kernel security module (LSM) which would override the posix acls. If RichACLs gets adopted (I'm assuming this will be the same model as NFSv4) then we'll just add a Samba VFS module to map incoming Windows ACLs to RichACLs. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] windows and nfs4 acls
Hi everyone We're really struggling with nfs4 -- windows acls. Scenario Samba4 share -- cifs -- win7. No problem Samba4 share -- nfs4 -- Linux. acls not inherited Neither is there inheritance vica versa. e.g. It is not possible to create files with group rw on a umask 0022 nfs4 share. nfs4_setfacl cannot override umask. Using POSIX or windows acls this works fine. I've approached the nfs4 devs and they've said that they'll look into it, but so far. Exporting nfs4 with -o noacl (in the hope that the windows acl would take effect) has no effect. 1. Is it possible to get Samba to override the nfs4 acl and use whatever I've set on windows security acl instead? 2. Is there a way to export a single directory with a umask of my choice? 3. Would it be reasonable to ask my distro (openSUSE) to consider this problem as a feature request? Perhaps as a patch over nfs4_setfacl? Thanks, L S at lcb -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba