[Samba] ACLs on a directory on GPFS

Andras Frankel

Jan 31, 2013, 3:50:02 PM
Hello,

I am using the vfs_gpfs samba module to map ACLs through samba. It works
fine on files, but directory ACLs are ignored. Ex:

getfacl /sb/share/myplace/

file: sb/share/myplace/
owner: root
group: root
user::rwx
user:afrankel:rwx
group::---
mask::rwx
other::---

When I try to access this folder in Windows, I get permission denied.
With the same permissions on a file, I can open it / modify it without any
problems.

Here are my settings:

mmlsfs sb

-D nfs4 File locking semantics in effect
-k all ACL semantics in effect

/etc/samba/smb.conf :
---------------------

clustering = yes
fileid:mapping = fsname
vfs objects = shadow_copy2 syncops gpfs fileid
shadow:snapdir = .snapshots
shadow:fixinodes =yes
gpfs:sharemodes = Yes
gpfs:leases = Yes
posix locking = Yes
kernel oplocks = Yes
level2 oplocks = no
force unknown acl user = Yes
nfs4: mode = special
nfs4: chown = yes
nfs4: acedup = merge

[share]
read only = No
browseable = yes
path = /sb/share
map acl inherit = yes
inherit acls = no
dos filemode = no
create mask = 0770
force create mode = 0770
directory mask = 0777

Versions :

GPFS v3.4.0-18 on Linux.
samba-3.5.10-114

Has anybody else experienced this? Note that if I replace the 'gpfs'
module with the 'acl_xattr' module, it seems to work fine. Can I use samba
on gpfs without the GPFS module?

Thanks,

Andras
Jonathan Buzzard

Feb 1, 2013, 5:40:01 AM
On Thu, 2013-01-31 at 15:41 -0500, Andras Frankel wrote:
> Hello,
>
> I am using the vfs_gpfs samba module to map ACLs through samba. It works
> fine on files, but directory ACLs are ignored. Ex:
>
> getfacl /sb/share/myplace/
>
> file: sb/share/myplace/
> owner: root
> group: root
> user::rwx
> user:afrankel:rwx
> group::---
> mask::rwx
> other::---
>
> When I try to access this folder in Windows, I get permission denied.
> With the same permissions on a file, I can open it / modify it without any
> problems.
>

Your basic problem is that you are using the Linux tools to look at the
ACLs on the GPFS file system.

You need to stop right there and use the GPFS tools instead, aka
mmgetacl. You can change them with mmeditacl or mmputacl. Yes, the tools
for manipulating ACLs on files and directories on a GPFS file system
from Linux suck; IBM's answer is that it works well on AIX but they
expected them to be set from Windows anyway.

> Here are my settings:
>
> mmlsfs sb
>
> -D nfs4 File locking semantics in effect
> -k all ACL semantics in effect

I strongly recommend that you change your ACL semantics to NFSv4 only if
you intend to use rich permissions from Windows via Samba. Though if
there is anyone from IBM listening that would like to let me know what
Samba ACL schematics does I am all ears :-)

The GPFS specific bits of a working smb.conf if you are trying to make a
file server. I presume that there is an AD based backend for
authentication and UID to SID mapping or it won't work properly.

# general options
vfs objects = shadow_copy2 fileid gpfs
unix extensions = no
mangled names = no
case sensitive = no

# store DOS attributes in extended attributes (vfs_gpfs then stores them
# in the file system)
ea support = yes
store dos attributes = yes
map readonly = no
map archive = no
map system = no

# the ctdb clustering and GPFS stuff
clustering = yes
ctdbd socket = /tmp/ctdb.socket
fileid : algorithm = fsname
gpfs : sharemodes = yes
gpfs : winattr = yes
force unknown acl user = yes
nfs4 : mode = special
nfs4 : chown = no
nfs4 : acedup = merge

# stuff necessary for guest logins to work where required
guest account = nobody
map to guest = bad user

# enable shadow copies
shadow : snapdir = /gpfs/.snapshots
shadow : basedir = /gpfs
shadow : fixinodes = yes

Then a general purpose group share would look like

[mylab]
comment = Someones Lab common space
path = /gpfs/groups/mylab/common
read only = no
browseable = yes
create mask = 0770
directory mask = 0770
force group = mylab
valid users = @MYDOMAIN\mylab


> Versions :
>
> GPFS v3.4.0-18 on Linux.
> samba-3.5.10-114
>

Looks like you are using RHEL(6?) or a derivative. You need to upgrade
that Samba version for it to work

http://rhn.redhat.com/errata/RHBA-2012-0850.html

Not sure where you got your vfs_gpfs module from but 3.5.10 needs a
patch to the vfs_gpfs module to make Posix ACLs work properly, though
you are probably only using NFSv4 ACLs anyway.

Also remember access via NFS will nuke any ACLs set so a space is
either NFS *or* SMB access only.

Final note is that RHEL6.4 will shift to a Samba 3.6 base (RHEL5.9 has
already done so) which has a *much* improved vfs_gpfs module. Upgrade as
soon as reasonably possible, noting that the idmapping has changed and
you will need to update your smb.conf for it to work.


JAB.

--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.

Andras Frankel

Feb 1, 2013, 10:10:01 AM

On 02/01/2013 01:27 AM, Pacher Dragos wrote:
> Does it work if you remove the
> map acl inherit = yes
> ?
>
No, that didn't change anything. Still can't access directories (it
works fine with files.)


What happens if I use the acl_xattr module instead of the vfs_gpfs module?
Is there a risk of data corruption due to lack of gpfs locking?

Thanks,

Andras

Andras Frankel

Feb 1, 2013, 11:30:02 AM
Jonathan,

Thanks, I tried your suggestion, but still no luck.

I created a new directory myplace2, and I used mmeditacl to set the ACLs:

mmgetacl myplace2/
#owner:root
#group:root
user::rwxc
group::----
other::----
mask::rwxc
user:afrankel:rwxc

Same thing, permission denied.

I even changed my fs settings to posix :

mmlsfs sb
flag  value  description
----  -----  -----------------------------------
-D    posix  File locking semantics in effect
-k    posix  ACL semantics in effect

Did the same thing (I created myplace3, same permission through
mmeditacl, restart samba, still no access.)

The strange thing is that it works fine with files. Only directories
give me trouble.

Andras
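
The POSIX ACL evaluation order applied to the mmgetacl listing quoted in the message above, as an added example that is not part of the thread. It assumes the listing is in GPFS's traditional POSIX-style format, with `c` as the control permission; the function names are hypothetical, and it shows only what the listed entries grant on that one directory, not how Samba or NFSv4 ACL semantics treat them.

```python
# Constructed sample: the mmgetacl listing for myplace2/ quoted in the thread.
MMGETACL_OUTPUT = """\
#owner:root
#group:root
user::rwxc
group::----
other::----
mask::rwxc
user:afrankel:rwxc
"""

def parse_acl(text):
    """Parse a POSIX-style mmgetacl listing into header fields and entries."""
    acl = {"owner": None, "group": None, "mask": None, "other": set(),
           "user": {}, "groups": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):                      # "#owner:root" / "#group:root"
            key, _, value = line[1:].partition(":")
            if key.strip() in ("owner", "group"):
                acl[key.strip()] = value.strip()
            continue
        tag, name, perms = line.split(":", 2)
        bits = set(perms.strip()) - {"-"}
        if tag == "user":
            acl["user"][name] = bits                  # "" is the owner entry
        elif tag == "group":
            acl["groups"][name] = bits                # "" is the owning-group entry
        elif tag in ("mask", "other"):
            acl[tag] = bits
        else:
            raise ValueError(f"unrecognised ACL entry: {raw!r}")
    return acl

def may_access(acl, user, groups, wanted):
    """POSIX ACL check order: owner, named user, groups, then other."""
    wanted = set(wanted)
    mask = acl["mask"]
    limit = (lambda b: b) if mask is None else (lambda b: b & mask)
    if user == acl["owner"]:
        return wanted <= acl["user"].get("", set())   # owner entry ignores the mask
    if user in acl["user"]:
        return wanted <= limit(acl["user"][user])     # named user is capped by mask
    matching = [acl["groups"][g] for g in groups if g and g in acl["groups"]]
    if acl["group"] in groups and "" in acl["groups"]:
        matching.append(acl["groups"][""])
    if matching:                                      # one entry must grant everything
        return any(wanted <= limit(b) for b in matching)
    return wanted <= acl["other"]
```
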