[zfs-discuss] Sun samba <-> ZFS ACLs

Wed, 03 Sep 2008 12:59:12 -0700 

Way back when I first started looking at ZFS I remember testing the sun
samba/zfs acl integration. I had some problems with the special ace's at
first, but I thought those were resolved by installing the latest samba
patch. However, after working on other pieces of our developing
infrastructure for a while, I went back to revisit samba, and it doesn't
work :(. I initially tested with S10U4, I'm currently running U5 with a
few additional patches.

Given a file with the following ACL:

-rw-------   1 henson   csupomona       0 Sep  3 12:19 
/export/user/henson/test.file
            owner@:rw-pdDaARWcC--:------:allow
            group@:--------------:------:allow
         everyone@:--------------:------:allow


I connect to the samba share from Windows XP, right-click on the file,
click properties and then security, give "everyone" read privileges,  and
then after applying here is what happens:

-r--r--r--+  1 henson   csupomona       0 Sep  3 12:19 
/export/user/henson/test.file
    group:csupomona:-------------s:------:allow
         everyone@:r-----a-R-c--s:------:allow
       user:henson:rw-pdDaARWcC--:------:allow

The special owner/group entries are replaced with explicit user/group
entries, the order is changed, and the "s"  permission spuriously applied.


I tried installing the Sun provided samba source code package to try to do
some debugging on my own, but it won't even compile, configure fails with:


checking for ldap_add_result_entry... no
configure: error: Active Directory support requires ldap_add_result_entry


Looking at the README.sfw included in the source package, there is
evidently some "libsunwrap.a" file necessary to access that function call
in the Sun LDAP library as it is not exported; this does not appear to be
included in the samba source package.

Anybody have any ideas about this? I'm considering trying to install
another S10U4 system like I initially tested with to confirm whether or not
it actually worked then or if I'm just being prematurely senile 8-/.


-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  [EMAIL PROTECTED]
California State Polytechnic University  |  Pomona CA 91768
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss

Reply via email to