[gpfsug-discuss] question about why unix extensions = no is recommended when using samba + gpfs?
Jonathan Buzzard
jonathan at buzzard.me.uk
Thu Mar 13 13:08:51 GMT 2014
On Thu, 2014-03-13 at 07:45 -0500, Sabuj Pattanayek wrote:
> Hi,
>
>
> We tried the nfsv4 acl route and it didn't work out so well for us
> when files/directories would get promoted to nfsv4 acl's (but maybe
> I'll revisit it when I get a chance), I had unix extensions turned off
> at that time. We're using for our main template share :
>
>
> vfs objects = shadow_copy2 gpfs acl_xattr fileid
>
> gpfs:acl = no
>
That is an "unsual" way to run an Samba/GPFS file server so don't expect
much help from anyone. The vast majority use GPFS in NFSv4 ACL only mode
with the Samba GPFS VFS module doing all the mapping through to the
NFSv4 ACLs to do all the rich permission.
>
> to pass acl's to acl_xattr and it seems to work ok and tivoli is able
> to backup the security.NTACL extended attribute and restore it without
> problems. It'll end up using posix ACLs assigning default acl's for
> the users/groups that are assigned to the files/dirs . All of it
> breaks umask and other things though, which isn't that big of a deal
> with samba's ability to force modes for particular shares.
>
That is a "wacked out" setup if you ask me.
>
> Regarding unix extensions, it seems there are problems either way (or
> perhaps were?), but the problems may be "more" severe if unix
> extensions are turned off?
>
> http://wiki.phys.ethz.ch/readme/mac_samba
>
Yeah changing Unix permissions on a SMB share does not work. Rather like
a real Windows file server don't you think?
Besides which on a group share with Unix extensions on the MacOS X
client (or at least did) goes and changes the permission and ownership
on the file and breaks a "group" share. That is one where a group of
people have equal read/write access to a shared area. Working group
shares are a million times more important that the odd power user being
able to muck about with file permissions.
Note this only effects MacOS because Linux has the tools to see and
manipulate SMB ACL's properly.
>
> I'll need to do some more testing with the latest OSX in that case
> since it looks like many of these posts were written years ago. We are
> also running the latest stable samba 4.1.x from sernet. But it's good
> to know that unix extensions = no is not because of some requirement
> in GPFS.
>
It also does not play well with case insensitive = yes in my experience.
JAB.
--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
More information about the gpfsug-discuss
mailing list