[Samba] NFS4 ACLs with samba 3 (or 4)

Kevin Taylor

Mar 18, 2015, 1:30:04 PM
I know this was discussed a lot a few years ago, but my google searches aren't quite getting me where I'm confident in the answer, so I figure I'd just ask again here if that's ok.

Here's what we have, and what we'd like to do:

Storage is a Netapp (cluster mode CDOT 8.2 I believe), it's NFS exported to our linux system.

Linux system is CentOS 6 and can NFS mount the Netapp using version 4. NFSv3 doesn't support ACLs with Netapp, but NFSv4 does with the nfs4_setfacl and nfs4_getfacl commands.

We'd like to share out the NFS mounted volume with samba, and retain the NFSv4 acl capability so that Windows users can set advanced permissions on the files.


Is this possible?

I've seen posts about the ZFS ability and the GPFS ability, but none of those are really what we're doing (I'm not sure why the backend would necessarily matter). Would one of the other vfs items work in this case? We're just NFS mounting onto the linux machine straight over TCP, nothing special like iscsi or custom drivers.


Thanks.



--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Ashish Yadav

Mar 19, 2015, 1:40:03 AM
Hi Kevin,

On Wed, Mar 18, 2015 at 10:47 PM, Kevin Taylor <grouch...@hotmail.com>
wrote:

> I know this was discussed a lot a few years ago, but my google searches
> aren't quite getting me where I'm confident in the answer, so I figure I'd
> just ask again here if that's ok.
>
> Here's what we have, and what we'd like to do:
>
> Storage is a Netapp (cluster mode CDOT 8.2 I believe), it's NFS exported
> to our linux system.
>
> Linux system is CentOS 6 and can NFS mount the Netapp using version 4.
> NFSv3 doesn't support ACLs with Netapp, but NFSv4 does with the
> nfs4_setfacl and nfs4_getfacl commands.
>
> We'd like to share out the NFS mounted volume with samba, and retain the
> NFSv4 acl capability so that Windows users can set advanced permissions on
> the files.
>
>
> Is this possible?
>

Yeah, that is possible. IMO, you should go with the Samba 4 AD + NFSv4
kerberized method. Please take a look at the link below, which will be helpful
to you for start-up.

<http://linuxcostablanca.blogspot.in/2012/01/important-samba-4-update.html>


>
> I've seen posts about the ZFS ability and the GPFS ability, but none of
> those are really what we're doing (I'm not sure why the backend would
> necessarily matter). Would one of the other vfs items work in this case?
> We're just NFS mounting onto the linux machine straight over TCP, nothing
> special like iscsi or custom drivers.
>
>
>
--Regards
Ashishkumar S. Yadav

Volker Lendecke

Mar 19, 2015, 7:10:03 AM
On Wed, Mar 18, 2015 at 01:17:34PM -0400, Kevin Taylor wrote:
> I know this was discussed a lot a few years ago, but my google searches aren't quite getting me where I'm confident in the answer, so I figure I'd just ask again here if that's ok.
>
> Here's what we have, and what we'd like to do:
>
> Storage is a Netapp (cluster mode CDOT 8.2 I believe), it's NFS exported to our linux system.
>
> Linux system is CentOS 6 and can NFS mount the Netapp using version 4. NFSv3 doesn't support ACLs with Netapp, but NFSv4 does with the nfs4_setfacl and nfs4_getfacl commands.
>
> We'd like to share out the NFS mounted volume with samba, and retain the NFSv4 acl capability so that Windows users can set advanced permissions on the files.
>
>
> Is this possible?
>
> I've seen posts about the ZFS ability and the GPFS ability, but none of those are really what we're doing (I'm not sure why the backend would necessarily matter). Would one of the other vfs items work in this case? We're just NFS mounting onto the linux machine straight over TCP, nothing special like iscsi or custom drivers.

The problem is that there is no common API on Linux to read and modify
those NFSv4 ACLs. Both GPFS and possibly ZFS have their own idea how to
view and set NFSv4 ACLs, so every file system needs its own adapter.

I haven't recently followed the nfsv4 kernel client, so I don't know
what the API for that would be these days. Do you have any pointers there?

It should be moderate effort to adapt the relevant pieces from the GPFS
and NFSv4 pieces of the modules/ subdirectory.

Volker

>
>
> Thanks.
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kon...@sernet.de

Kevin Taylor

Mar 19, 2015, 10:20:03 AM


> Date: Thu, 19 Mar 2015 11:59:47 +0100
> From: Volker....@SerNet.DE
> To: grouch...@hotmail.com
> CC: sa...@lists.samba.org
> Subject: Re: [Samba] NFS4 ACLs with samba 3 (or 4)
>
> On Wed, Mar 18, 2015 at 01:17:34PM -0400, Kevin Taylor wrote:
> > I know this was discussed a lot a few years ago, but my google searches aren't quite getting me where I'm confident in the answer, so I figure I'd just ask again here if that's ok.
> >
> > Here's what we have, and what we'd like to do:
> >
> > Storage is a Netapp (cluster mode CDOT 8.2 I believe), it's NFS exported to our linux system.
> >
> > Linux system is CentOS 6 and can NFS mount the Netapp using version 4. NFSv3 doesn't support ACLs with Netapp, but NFSv4 does with the nfs4_setfacl and nfs4_getfacl commands.
> >
> > We'd like to share out the NFS mounted volume with samba, and retain the NFSv4 acl capability so that Windows users can set advanced permissions on the files.
> >
> >
> > Is this possible?
> >
> > I've seen posts about the ZFS ability and the GPFS ability, but none of those are really what we're doing (I'm not sure why the backend would necessarily matter). Would one of the other vfs items work in this case? We're just NFS mounting onto the linux machine straight over TCP, nothing special like iscsi or custom drivers.
>
> The problem is that there is no common API on Linux to read and modify
> those NFSv4 ACLs. Both GPFS and possibly ZFS have their own idea how to
> view and set NFSv4 ACLs, so every file system needs its own adapter.
>
> I haven't recently followed the nfsv4 kernel client, so I don't know
> what the API for that would be these days. Do you have any pointers there?
>
> It should be moderate effort to adapt the relevant pieces from the GPFS
> and NFSv4 pieces of the modules/ subdirectory.
>
> Volker
>

Unfortunately I'm not a programmer, so I don't know if there is an API or not. As far as I, the user, can tell, we have an NFSv4 filesystem mounted on the linux box. We have tools available through the nfs4-acl-tools package (this is on CentOS 6, for example) that offer me the ability to read and set the ACLs on the volume. I figure at some level, someone must have had an API because these tools aren't specific to the underlying filesystem as this could really be offered from anything.

I didn't see any other packages related to the nfs4-acl-tools, so there's no devel piece or anything that comes with it.

Kevin Taylor

Mar 19, 2015, 10:20:03 AM


> Date: Thu, 19 Mar 2015 11:59:47 +0100
> From: Volker....@SerNet.DE
> To: grouch...@hotmail.com
> CC: sa...@lists.samba.org
> Subject: Re: [Samba] NFS4 ACLs with samba 3 (or 4)
>
> On Wed, Mar 18, 2015 at 01:17:34PM -0400, Kevin Taylor wrote:
> > I know this was discussed a lot a few years ago, but my google searches aren't quite getting me where I'm confident in the answer, so I figure I'd just ask again here if that's ok.
> >
> > Here's what we have, and what we'd like to do:
> >
> > Storage is a Netapp (cluster mode CDOT 8.2 I believe), it's NFS exported to our linux system.
> >
> > Linux system is CentOS 6 and can NFS mount the Netapp using version 4. NFSv3 doesn't support ACLs with Netapp, but NFSv4 does with the nfs4_setfacl and nfs4_getfacl commands.
> >
> > We'd like to share out the NFS mounted volume with samba, and retain the NFSv4 acl capability so that Windows users can set advanced permissions on the files.
> >
> >
> > Is this possible?
> >
> > I've seen posts about the ZFS ability and the GPFS ability, but none of those are really what we're doing (I'm not sure why the backend would necessarily matter). Would one of the other vfs items work in this case? We're just NFS mounting onto the linux machine straight over TCP, nothing special like iscsi or custom drivers.
>
> The problem is that there is no common API on Linux to read and modify
> those NFSv4 ACLs. Both GPFS and possibly ZFS have their own idea how to
> view and set NFSv4 ACLs, so every file system needs its own adapter.
>
> I haven't recently followed the nfsv4 kernel client, so I don't know
> what the API for that would be these days. Do you have any pointers there?
>
> It should be moderate effort to adapt the relevant pieces from the GPFS
> and NFSv4 pieces of the modules/ subdirectory.
>
> Volker
>
> >

I don't know if this helps or not, but here's the package info for it:

Name : nfs4-acl-tools Relocations: (not relocatable)
Version : 0.3.3 Vendor: CentOS
Release : 6.el6 Build Date: Fri 22 Jun 2012 02:10:47 AM EDT
Install Date: Mon 31 Mar 2014 10:41:48 AM EDT Build Host: c6b10.bsys.dev.centos.org
Group : Applications/System Source RPM: nfs4-acl-tools-0.3.3-6.el6.src.rpm
Size : 104480 License: BSD
Signature : RSA/SHA1, Sun 24 Jun 2012 06:20:10 PM EDT, Key ID 0946fca2c105b9de
Packager : CentOS BuildSystem <http://bugs.centos.org>
URL : http://www.citi.umich.edu/projects/nfsv4/linux/
Summary : The nfs4 ACL tools
Description :
This package contains commandline and GUI ACL utilities for the Linux
NFSv4 client.

Jeremy Allison

Mar 19, 2015, 12:50:03 PM
On Thu, Mar 19, 2015 at 10:16:20AM -0400, Kevin Taylor wrote:

> Unfortunately I'm not a programmer, so I don't know if there is an API or not. As far as I, the user, can tell, we have an NFSv4 filesystem mounted on the linux box. We have tools available through the nfs4-acl-tools package (this is on CentOS 6, for example) that offer me the ability to read and set the ACLs on the volume. I figure at some level, someone must have had an API because these tools aren't specific to the underlying filesystem as this could really be offered from anything.

Well the API is probably just stuffing blobs into extended
attributes directly from userspace. That's how most of
the NFSv4 ACLs usually get done :-(.

Of course all implementations use different blobs containing
different things to do the same thing :-).
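
The "blobs in extended attributes" point above, as an added example that is not from any poster in this thread: a decoder for the ACL blob of the Linux NFSv4 client. It assumes the ACL is exposed as the `system.nfs4_acl` xattr holding an XDR-encoded ACE list (count, then type, flags, access mask and a padded principal string per ACE); the function names and the sample bytes are constructed.

```python
import os
import struct

# Assumption: xattr name under which the Linux NFSv4 client exposes the ACL.
NFS4_ACL_XATTR = "system.nfs4_acl"
ACE_TYPES = {0: "ALLOW", 1: "DENY", 2: "AUDIT", 3: "ALARM"}
ACE4_IDENTIFIER_GROUP = 0x40  # flag bit: 'who' names a group
ACCESS_BITS = {  # subset of the RFC 7530 access mask
    0x00000001: "READ_DATA", 0x00000002: "WRITE_DATA",
    0x00000004: "APPEND_DATA", 0x00000020: "EXECUTE",
    0x00010000: "DELETE", 0x00020000: "READ_ACL",
    0x00040000: "WRITE_ACL", 0x00080000: "WRITE_OWNER",
}


def encode_nfs4_acl(aces):
    """Pack (type, flags, mask, who) tuples into the XDR layout (for samples)."""
    out = struct.pack(">I", len(aces))
    for ace_type, flags, mask, who in aces:
        raw = who.encode("utf-8")
        out += struct.pack(">IIII", ace_type, flags, mask, len(raw))
        out += raw + b"\0" * (-len(raw) % 4)  # XDR pads opaque data to 4 bytes
    return out


def decode_nfs4_acl(blob):
    """Decode the blob into a list of dicts; reject truncated or oversized input."""
    if len(blob) < 4:
        raise ValueError("truncated ACL: no ACE count")
    (count,) = struct.unpack_from(">I", blob, 0)
    off, aces = 4, []
    for _ in range(count):
        if off + 16 > len(blob):
            raise ValueError("truncated ACE header")
        ace_type, flags, mask, wholen = struct.unpack_from(">IIII", blob, off)
        off += 16
        padded = (wholen + 3) & ~3
        if off + padded > len(blob):
            raise ValueError("truncated ACE principal")
        who = blob[off:off + wholen].decode("utf-8")
        off += padded
        aces.append({
            "type": ACE_TYPES.get(ace_type, "UNKNOWN(%d)" % ace_type),
            "group": bool(flags & ACE4_IDENTIFIER_GROUP),
            "rights": [n for bit, n in ACCESS_BITS.items() if mask & bit],
            "who": who,
        })
    if off != len(blob):
        raise ValueError("trailing bytes after last ACE")
    return aces


def read_nfs4_acl(path):
    """Read and decode the ACL of a file on an NFSv4 mount (Linux only)."""
    return decode_nfs4_acl(os.getxattr(path, NFS4_ACL_XATTR))


# Constructed sample, not captured from a real filer.
SAMPLE_BLOB = encode_nfs4_acl([
    (0, 0, 0x00020003, "OWNER@"),
    (1, ACE4_IDENTIFIER_GROUP, 0x00000002, "staff@example.test"),
])
```
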

Robert Schetterer

Mar 19, 2015, 1:00:04 PM
On 19.03.2015 at 17:39, Jeremy Allison wrote:
> On Thu, Mar 19, 2015 at 10:16:20AM -0400, Kevin Taylor wrote:
>
>> Unfortunately I'm not a programmer, so I don't know if there is an API or not. As far as I, the user, can tell, we have an NFSv4 filesystem mounted on the linux box. We have tools available through the nfs4-acl-tools package (this is on CentOS 6, for example) that offer me the ability to read and set the ACLs on the volume. I figure at some level, someone must have had an API because these tools aren't specific to the underlying filesystem as this could really be offered from anything.
>
> Well the API is probably just stuffing blobs into extended
> attributes directly from userspace. That's how most of
> the NFSv4 ACLs usually get done :-(.
>
> Of course all implementations use different blobs containing
> different things to do the same thing :-).
>

Make sure that you don't run into an open files limit with ntfs4 acl on
netapp (I think this was in the orig question), there may be a max of
32000 per head (if exist) or 64000 in summa


Best Regards
Kind regards, Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: Munich, Munich District Court: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein

Volker Lendecke

Mar 20, 2015, 6:00:03 AM
On Thu, Mar 19, 2015 at 05:47:11PM +0100, Robert Schetterer wrote:
> > Well the API is probably just stuffing blobs into extended
> > attributes directly from userspace. That's how most of
> > the NFSv4 ACLs usually get done :-(.
> >
> > Of course all implementations use different blobs containing
> > different things to do the same thing :-).
> >
>
> Make sure that you don't run into an open files limit with ntfs4 acl on
> netapp (I think this was in the orig question), there may be a max of
> 32000 per head (if exist) or 64000 in summa

Are we talking about nfsv4 or ntfs(4)? And what limit is
that? It can't make sense to limit the number of acls on a
system.

Volker

--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kon...@sernet.de

Robert Schetterer

Mar 21, 2015, 5:20:03 PM
On 20.03.2015 at 10:45, Volker Lendecke wrote:
> On Thu, Mar 19, 2015 at 05:47:11PM +0100, Robert Schetterer wrote:
>>> Well the API is probably just stuffing blobs into extended
>>> attributes directly from userspace. That's how most of
>>> the NFSv4 ACLs usually get done :-(.
>>>
>>> Of course all implementations use different blobs containing
>>> different things to do the same thing :-).
>>>
>>
>> Make sure that you don't run into an open files limit with ntfs4 acl on
>> netapp (I think this was in the orig question), there may be a max of
>> 32000 per head (if exist) or 64000 in summa
>
> Are we talking about nfsv4 or ntfs(4)? And what limit is
> that? It can't make sense to limit the number of acls on a
> system.

Sorry, typo: nfs4 acl4. These limits were announced recently
at an admin meeting using a netapp filer (no idea what version etc.),
this forced many problems in the past, so the workaround was to move
back to nfs3 where acl are not needed

>
> Volker
>



Best Regards
Kind regards, Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: Munich, Munich District Court: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein

Nico Kadel-Garcia

Mar 22, 2015, 2:10:02 AM
On Sat, Mar 21, 2015 at 5:16 PM, Robert Schetterer <r...@sys4.de> wrote:
> On 20.03.2015 at 10:45, Volker Lendecke wrote:
>> On Thu, Mar 19, 2015 at 05:47:11PM +0100, Robert Schetterer wrote:
>>>> Well the API is probably just stuffing blobs into extended
>>>> attributes directly from userspace. That's how most of
>>>> the NFSv4 ACLs usually get done :-(.
>>>>
>>>> Of course all implementations use different blobs containing
>>>> different things to do the same thing :-).
>>>>
>>>
>>> Make sure that you don't run into an open files limit with ntfs4 acl on
>>> netapp (I think this was in the orig question), there may be a max of
>>> 32000 per head (if exist) or 64000 in summa
>>
>> Are we talking about nfsv4 or ntfs(4)? And what limit is
>> that? It can't make sense to limit the number of acls on a
>> system.
>
> Sorry, typo: nfs4 acl4. These limits were announced recently
> at an admin meeting using a netapp filer (no idea what version etc.),
> this forced many problems in the past, so the workaround was to move
> back to nfs3 where acl are not needed

If you have a NetApp that can do NFSv4, *don't bother* putting CIFS,
and all the subtly mismatched handling and difficult impedance
matching between the systems. Seriously: install the Windows "Services
For Unix" toolkits as necessary, just use NFS on both sets of clients,
and don't expect Samba to fix the mismatches for you.

I've done mixed NFSv4 and CIFS clients based on Samba on top of a
NetApp, and it's a painful and performance bottle-necking nightmare to
maintain. Few stable Linux systems have the utilities to handle NFSv4
attributes except as a painfully confusing, manual, script-managed
process. There were some GUIs a few years ago, including the ones I
activated for RHEL 6's NFS utilities: they'd been disabled from
compilation in the SRPM, probably because they weren't very good. I've
not heard of any improvements, and it's very easy to break privileges
for *both* sets of clients if you're not careful.

And frankly, from my first days of Samba work on SunOS 4.1.4, it's
been much safer and more robust to throw out the complexities of
Windows file ownership for shared network based resources and use the
simpler owner/group/others ownership of ordinary NFSv3 and standard
file system ownership on the Linux systems.

Volker Lendecke

Mar 23, 2015, 6:20:03 AM
On Thu, Mar 19, 2015 at 10:17:36AM -0400, Kevin Taylor wrote:
> Name : nfs4-acl-tools Relocations: (not relocatable)
> Version : 0.3.3 Vendor: CentOS
> Release : 6.el6 Build Date: Fri 22 Jun 2012 02:10:47 AM EDT
> Install Date: Mon 31 Mar 2014 10:41:48 AM EDT Build Host: c6b10.bsys.dev.centos.org
> Group : Applications/System Source RPM: nfs4-acl-tools-0.3.3-6.el6.src.rpm
> Size : 104480 License: BSD
> Signature : RSA/SHA1, Sun 24 Jun 2012 06:20:10 PM EDT, Key ID 0946fca2c105b9de
> Packager : CentOS BuildSystem <http://bugs.centos.org>
> URL : http://www.citi.umich.edu/projects/nfsv4/linux/
> Summary : The nfs4 ACL tools
> Description :
> This package contains commandline and GUI ACL utilities for the Linux
> NFSv4 client.

Thanks. Looking at that to me it seems it won't be too much
work to adapt Samba to that API. It's just that someone has
to do it :-)

Volker

Nico Kadel-Garcia

Mar 26, 2015, 7:50:04 AM
On Mon, Mar 23, 2015 at 6:15 AM, Volker Lendecke
<Volker....@sernet.de> wrote:
> On Thu, Mar 19, 2015 at 10:17:36AM -0400, Kevin Taylor wrote:
>> Name : nfs4-acl-tools Relocations: (not relocatable)
>> Version : 0.3.3 Vendor: CentOS
>> Release : 6.el6 Build Date: Fri 22 Jun 2012 02:10:47 AM EDT
>> Install Date: Mon 31 Mar 2014 10:41:48 AM EDT Build Host: c6b10.bsys.dev.centos.org
>> Group : Applications/System Source RPM: nfs4-acl-tools-0.3.3-6.el6.src.rpm
>> Size : 104480 License: BSD
>> Signature : RSA/SHA1, Sun 24 Jun 2012 06:20:10 PM EDT, Key ID 0946fca2c105b9de
>> Packager : CentOS BuildSystem <http://bugs.centos.org>
>> URL : http://www.citi.umich.edu/projects/nfsv4/linux/
>> Summary : The nfs4 ACL tools
>> Description :
>> This package contains commandline and GUI ACL utilities for the Linux
>> NFSv4 client.
>
> Thanks. Looking at that to me it seems it won't be too much
> work to adapt Samba to that API. It's just that someone has
> to do it :-)
>
> Volker

I'm staring back at a thread I started about 5 years ago about a
similar desire, at
https://lists.samba.org/archive/samba/2010-April/155249.html

On RHEL 5, at least, the GUI was not enabled in the SRPM. I used to
publish patches to enable that. It was a pretty fragile GUI, and the
permissions are *order sensitive* in a way that the CIFS ACL is not.
So the permissions work just great, until they don't, and they can be
a nightmare to debug.

Seriously, if you have NetApp doing NFS, don't hurt yourself trying to
rewrap CIFS and Samba on top of it. This is a case where keeping it
simpler is faster, cheaper, and more robust, even if Samba is a useful
layer for specific uses.
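
The order sensitivity of NFSv4 permissions mentioned above, as an added example that is not from any poster in this thread: NFSv4 ACEs are walked in order and each requested bit is settled by the first matching ACE (RFC 7530 section 6.2.1), so the same two entries grant or refuse a write depending on their order. The principal names, helper names and sample ACL are constructed.

```python
from itertools import permutations

READ_DATA = 0x00000001   # RFC 7530 ACE4_READ_DATA
WRITE_DATA = 0x00000002  # RFC 7530 ACE4_WRITE_DATA


def nfs4_access_check(aces, principals, requested):
    """Walk (type, who, mask) ACEs in order, as RFC 7530 section 6.2.1 describes.

    Bits are cleared as ALLOW ACEs grant them; a DENY ACE that touches a bit
    still outstanding ends the walk. Bits never granted are treated as denied.
    """
    remaining = requested
    for ace_type, who, mask in aces:
        if remaining == 0:
            break
        if who not in principals:
            continue
        if ace_type == "ALLOW":
            remaining &= ~mask
        elif ace_type == "DENY" and remaining & mask:
            return False
    return remaining == 0


def order_dependent(aces, principals, requested):
    """True if some reordering of the same ACEs changes the decision.

    Tries every permutation, so it is meant for auditing short ACLs only.
    """
    outcomes = {nfs4_access_check(p, principals, requested)
                for p in permutations(aces)}
    return len(outcomes) > 1


# Constructed ACL: alice is also a member of group staff.
ALICE = {"alice@example.test", "staff@example.test"}
ALLOW_FIRST = [
    ("ALLOW", "alice@example.test", READ_DATA | WRITE_DATA),
    ("DENY", "staff@example.test", WRITE_DATA),
]
DENY_FIRST = list(reversed(ALLOW_FIRST))
```
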