[gpfsug-discuss] Samba mapping of "special" SID entries
Orlando Richards
orlando.richards at ed.ac.uk
Fri Jun 22 15:52:34 BST 2012
Hi all,

Has anyone bumped up against the "nfs4: special" option in GPFS/Samba
deployments which manipulates how the "owner" and "group owner" (and
"everybody") behaviour is mapped to ACLs when accessed via the samba stack?

In particular, with the "default" setting (if one blindly follows the
worked examples on this) of nfs4: special, if a user adds themselves
specifically to an ACL, this creates an entry:

    special:@owner

rather than:

    user:username

which has the knock-on effect that if a file/folder is created under
this ACL by a different owner (or if ownership changes), the person who
put said ACL on to the file/folder no longer has access. Most people
find this confusing (which is putting it politely).

To further complicate matters, the "special" Windows SIDs*[1] - such as
"CREATOR/OWNER" - don't seem to work properly in the ctdb/samba/gpfs
stack (I don't know if they do in "normal" samba though). IBM don't
support CREATOR/OWNER in SONAS*[2] - so it's not just me!

So my question is - has anyone else been looking into this at all, and
if so, do you have any sage words of wisdom to offer?

Cheers,
Orlando.

*[1] http://support.microsoft.com/kb/163846
*[2] http://pic.dhe.ibm.com/infocenter/sonasic/sonas1ic/index.jsp?topic=%2Fcom.ibm.sonas.doc%2Fadm_authorization_limitations.html

--
Dr Orlando Richards
Information Services
IT Infrastructure Division
Unix Section
Tel: 0131 650 4994
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
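
Added example, not part of the original post and not Samba or GPFS code: a small Python model of the effect described in the message, comparing an ACE stored as special:@owner with one stored as user:username when a child is created by a different owner or ownership changes. The names alice and bob, the Ace/File types, the verbatim inheritance of the parent ACL, and the rule that the mapping applies when the grantee is the current owner are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    kind: str  # "special" or "user"
    who: str   # "@owner" for special entries, otherwise a username

@dataclass
class File:
    owner: str
    acl: list

def map_grant(file, username, special_mapping):
    # Model of the mapping step (assumption): with special_mapping on, a
    # grant to the current owner is stored as special:@owner, which is the
    # entry the post reports seeing. Otherwise it is stored as user:<name>.
    if special_mapping and username == file.owner:
        return Ace("special", "@owner")
    return Ace("user", username)

def has_access(file, username):
    # special:@owner is resolved against the owner at access time,
    # not against whoever originally added the entry.
    for ace in file.acl:
        if ace.kind == "special" and ace.who == "@owner" and username == file.owner:
            return True
        if ace.kind == "user" and ace.who == username:
            return True
    return False

def scenario(special_mapping):
    # alice owns a folder and adds herself to its ACL.
    folder = File(owner="alice", acl=[])
    folder.acl.append(map_grant(folder, "alice", special_mapping))
    before = has_access(folder, "alice")
    child = File(owner="bob", acl=list(folder.acl))  # created by bob, ACL inherited
    folder.owner = "bob"                             # ownership of the folder changes
    return {
        "stored": f"{folder.acl[0].kind}:{folder.acl[0].who}",
        "alice_before": before,
        "alice_on_child": has_access(child, "alice"),
        "alice_after_chown": has_access(folder, "alice"),
        "bob_after_chown": has_access(folder, "bob"),
    }

if __name__ == "__main__":
    for mode in (True, False):
        print("special mapping" if mode else "explicit user entry", scenario(mode))
```
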