Re: [Samba] Samba4 with Posix ACL's
There's a thread here: https://github.com/zfsonlinux/zfs/issues/170 (I'm posting as *fireappleblackhttps://github.com/fireappleblack )* ...Which implies that the hold-up (from a zfs-linux perspective) is the lack of richacls support in the mainstream kernel at the moment. (E.g. OpenSuse supports richacls out of the box, few other distros have included the patches yet). Richacls should neatly sidestep the CDDL/GPL problem. Im still trying to fully understand the break(s) in the chain between non-solaris/illumos Samba/CIFS and ZFS. Getting there slowly. My medium term aim is a linux-based appliance that'll run on generic hardware (even more generic than Illumos allows) with a ZFS filestore and AD domain controller functionality, without having to do heavy duty virtualisation and run disparate environment (e.g. running a linux Samba 4 DC as a KVM DomU under an Openindiana Dom0; way too complex). On 1 May 2012 04:06, Jeremy Allison j...@samba.org wrote: On Mon, Apr 30, 2012 at 12:44:25PM +0100, Ben Metcalfe wrote: Would the following be workable: Run Samba 3 binaries in one linux OpenVZ instance to serve files. Run Samba 4 binaries in another, separate OpenVZ instance as an AD domain controller. ...all on the same physical machine? http://wiki.openvz.org/ Yeah, that should work. Separate note: I'd really like to see transparent support of ZFS-linux as a file-store back-end. What API's does ZFS-Linux have to access the ZFS ACLs ? None, I'd bet :-(. Which unfortunately makes transparent support quite hard. Plus there's the whole CDDL vs GPL licensing thing... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 with Posix ACL's
Would the following be workable: Run Samba 3 binaries in one linux OpenVZ instance to serve files. Run Samba 4 binaries in another, separate OpenVZ instance as an AD domain controller. ...all on the same physical machine? http://wiki.openvz.org/ Separate note: I'd really like to see transparent support of ZFS-linux as a file-store back-end. (Note to mod: now emailing via newly-subscribed email address instead of the old +addressed one). On 30 April 2012 06:04, Alain Toussaint alain.toussa...@securivm.ca wrote: This is one of the many reasons why we are working on s3fs. When we are happy with it, we will make it the default, but until then we can only ask for your patience, and do not recommend the Samba4 DCs be used as general file servers (ie, use it only for netlogon and sysvol). Can we use it for a single public (within the internal network) read-write share such as /tmp? Alain -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 with Posix ACL's
Would the following be workable: Run Samba 3 binaries in one linux OpenVZ instance to serve files. Run Samba 4 binaries in another, separate OpenVZ instance as an AD domain controller. ...all on the same physical machine? http://wiki.openvz.org/ Separate note: I'd really like to see transparent support of ZFS-linux as a file-store back-end. On 30 April 2012 06:04, Alain Toussaint alain.toussa...@securivm.ca wrote: This is one of the many reasons why we are working on s3fs. When we are happy with it, we will make it the default, but until then we can only ask for your patience, and do not recommend the Samba4 DCs be used as general file servers (ie, use it only for netlogon and sysvol). Can we use it for a single public (within the internal network) read-write share such as /tmp? Alain -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 with Posix ACL's
On Mon, Apr 30, 2012 at 12:44:25PM +0100, Ben Metcalfe wrote: Would the following be workable: Run Samba 3 binaries in one linux OpenVZ instance to serve files. Run Samba 4 binaries in another, separate OpenVZ instance as an AD domain controller. ...all on the same physical machine? http://wiki.openvz.org/ Yeah, that should work. Separate note: I'd really like to see transparent support of ZFS-linux as a file-store back-end. What API's does ZFS-Linux have to access the ZFS ACLs ? None, I'd bet :-(. Which unfortunately makes transparent support quite hard. Plus there's the whole CDDL vs GPL licensing thing... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 with Posix ACL's
Hi everyone I'm setting up a report writing system for a school. All teachers need rw access to the reports which are in a folder of the same name. Teachers are in a group called teachers and there is a share called reports: [reports] path = /data/reports read only = No create mask = 0770 /data/reports has a Posix ACL: getfacl /data/reports getfacl: Removing leading '/' from absolute path names # file: data/reports # owner: root # group: teachers # flags: -s- user::rwx group::r-x other::--- default:user::rwx default:group::rwx default:other::--- and ls gives: drwxr-s---+ 9 root teachers 4096 Apr 15 11:47 reports Under XP, everything works as expected. Only teachers can enter the share and any report created becomes group rw. Perfect. In Windows 7, no one can enter. Clicking on the security tab we can see the teachers group listed (so it must know something about group ownership or the ACL or both) but nothing is ticked apart from 'special permissions'. Administrator has to select read and write before the teachers can enter. There is then a warning about setting permissions at the root of the share. What have I done wrong? Does w7 under Samba4 understand Posix ACL and group rw stuff? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 with Posix ACL's
On Sun, 2012-04-29 at 11:27 +0200, steve wrote: Hi everyone I'm setting up a report writing system for a school. All teachers need rw access to the reports which are in a folder of the same name. Teachers are in a group called teachers and there is a share called reports: [reports] path = /data/reports read only = No create mask = 0770 /data/reports has a Posix ACL: getfacl /data/reports getfacl: Removing leading '/' from absolute path names # file: data/reports # owner: root # group: teachers # flags: -s- user::rwx group::r-x other::--- default:user::rwx default:group::rwx default:other::--- and ls gives: drwxr-s---+ 9 root teachers 4096 Apr 15 11:47 reports Under XP, everything works as expected. Only teachers can enter the share and any report created becomes group rw. Perfect. In Windows 7, no one can enter. Clicking on the security tab we can see the teachers group listed (so it must know something about group ownership or the ACL or both) but nothing is ticked apart from 'special permissions'. Administrator has to select read and write before the teachers can enter. There is then a warning about setting permissions at the root of the share. What have I done wrong? Does w7 under Samba4 understand Posix ACL and group rw stuff? No, Samba4's ntvfs files server does not understand posix ACLs. It will attempt to honour them (by being the user in question when accessing the file system), but if an NT ACL is set, then it will use root rights to override this and honour the NT ACL. This is one of the many reasons why we are working on s3fs. When we are happy with it, we will make it the default, but until then we can only ask for your patience, and do not recommend the Samba4 DCs be used as general file servers (ie, use it only for netlogon and sysvol). Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 with Posix ACL's
This is one of the many reasons why we are working on s3fs. When we are happy with it, we will make it the default, but until then we can only ask for your patience, and do not recommend the Samba4 DCs be used as general file servers (ie, use it only for netlogon and sysvol). Can we use it for a single public (within the internal network) read-write share such as /tmp? Alain -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba