[OpenIndiana-discuss] Samba4 and ZFS ACLs

James Relph james at themacplace.co.uk
Wed Jul 31 00:45:05 UTC 2013 

OK, getting peculiar behaviour here, but no particular errors, currently I have SAMBA 4.0.6 compiled with:

./configure --with-ad  —with-acl-support —with-shared-modules=nfs4_acls,vfs_zfsacl

What's odd, is now if I connect to the share, I (temporarily) have the correct and expected ACL-based access.  So I can create a folder, rename a folder, delete a folder etc.  Once I have done one action (ie. created a folder called test) it's then as if it "forgets" the user's permissions and it won't let any other actions take place.  So if I:

1)	login to server
2)	create folder test
3)	rename folder test

it will fail at the third step and any subsequent attempts (eg. creating a test2 folder) also aren't allowed (no permission).  However, if I do:

1)	login to server
2)	create folder test
3)	logout
4)	login to server
5)	rename folder test

this works absolutely fine.  Furthermore if I logout and log back in another time, I can keep performing single write actions to the share with each login.

So it seems as though it is *half* working, it's working for one write/modify/delete operation per user login.

James

Principal Consultant
Website:		www.themacplace.co.uk

On 31 Jul 2013, at 00:40, James Relph <james at themacplace.co.uk> wrote:

> Just as a bit more detail on this, the module itself does seem to be loading OK:
> 
> Loading module 'zfsacl': Trying to load from /usr/local/samba/lib/vfs/zfsacl.so
> [2013/07/31 00:07:13.741651,  2] ../lib/util/modules.c:199(do_smb_load_module)
>  Module 'zfsacl' loaded
> [2013/07/31 00:07:13.741725,  5] ../source3/smbd/vfs.c:103(smb_register_vfs)
>  Successfully added vfs backend 'zfsacl'
>  Successfully loaded vfs module [zfsacl] with the new modules system
> 
> No obvious errors in samba.log (log level set to 5), but just seems to be ignoring the ACLs still.
> 
> James.
> 
> On 30 Jul 2013, at 22:56, James Relph <james at themacplace.co.uk> wrote:
> 
>> Hi all,
>> 
>> Just as a follow up from the samba4 build (which has been working fine in terms of basic access and winbind for netatalk), has anyone had any success using Samba with ZFS ACLs?
>> 
>> I've built Samba (4 again) with:
>> 
>> --with-shared-modules=nfs4_acls,vfs_zfsacl
>> 
>> and in smb.conf I have:
>> 
>> [Share]
>> comment = Share
>> path = /tank/share
>> browseable = Yes
>> read only = No
>> ea support = Yes
>> map archive = No
>> map readonly = No
>> map system = No
>> vfs objects = zfsacl
>> nfs4:mode = special
>> nfs4:acedup = merge
>> nfs4:chown = yes
>> zfsacl: acesort = dontcare
>> 
>> But ACLs are ignored (POSIX permissions do work though - and user accounts are seen correctly - a file created will correctly pick up user's id and gid).
>> 
>> Thanks,
>> 
>> James
>> 
>> Principal Consultant
>> 
>> Website:		www.themacplace.co.uk
>> 
>> _______________________________________________
>> OpenIndiana-discuss mailing list
>> OpenIndiana-discuss at openindiana.org
>> http://openindiana.org/mailman/listinfo/openindiana-discuss
> 
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss

More information about the OpenIndiana-discuss mailing list