On Tue, Feb 28, 2012 at 06:37:21PM +0100, Gémes Géza wrote: > 2012-02-28 08:27 keltezéssel, steve írta: > > Hi everyone > > > > We're really struggling with nfs4 <--> windows acls. > > > > Scenario > > Samba4 share --> cifs --> win7. No problem > > Samba4 share --> nfs4 --> Linux. acls not inherited > > Neither is there inheritance vica versa. > > > > e.g. It is not possible to create files with group rw on a umask 0022 > > nfs4 share. nfs4_setfacl cannot override umask. Using POSIX or windows > > acls this works fine. I've approached the nfs4 devs and they've said > > that they'll look into it, but so far. Exporting nfs4 with -o noacl > > (in the hope that the windows acl would take effect) has no effect. > > > > 1. Is it possible to get Samba to override the nfs4 acl and use > > whatever I've set on windows security acl instead? > > 2. Is there a way to export a single directory with a umask of my choice? > > 3. Would it be reasonable to ask my distro (openSUSE) to consider this > > problem as a feature request? Perhaps as a patch over nfs4_setfacl? > > Thanks, > > L & S at lcb > > > IMHO Samba4 sets the windows (non posix) acls as extended attributes. In > order to get them applied o the Linux (or NFS4) side there should be a > Linux kernel security module (LSM) which would override the posix acls.
If RichACLs gets adopted (I'm assuming this will be the same model as NFSv4) then we'll just add a Samba VFS module to map incoming Windows ACLs to RichACLs. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba