Re: Debian and transparent Windows like ACLs on Samba

To: debian-enterprise@lists.debian.org
Subject: Re: Debian and transparent Windows like ACLs on Samba
From: Stephen Marron <debian@solo.boxfusion.net>
Date: Wed, 15 Sep 2010 23:20:10 +0930
Message-id: <[🔎] 4C90CF12.7040204@solo.boxfusion.net>
In-reply-to: <[🔎] 20100915082845.GA2826@bogon.sigxcpu.org>
References: <[🔎] 4C905ED6.2010806@debian.org> <[🔎] 20100915082845.GA2826@bogon.sigxcpu.org>

Hi

On 15/09/10 17:58, Guido Günther wrote:
> Hi Luk,
> On Wed, Sep 15, 2010 at 07:51:18AM +0200, Luk Claes wrote:
>> Hi
>>
>> In our organisation we would want to provide to our users the
>> opportunity to use Windows like ACLs in a transparent way (aka behaviour
>> when NFS mounted is similar than behaviour when use via Samba).
>>
>> AFAICS currently this does not seem possible within Debian as:
>>  * POSIX ACLs are confusing for users and clearly not good enough a
>> match for Windows like ACLs
>>  * storing the extra flags outside the filesystem while using POSIX ACLs
>> means a non-transparent solution
>>  * storing the extra flags inside the filesystem is currently not
>> working with at least ext2fs, ext3fs, ext4fs (does someone know a
>> filesystem that is working besides zfs?)
> ext3 supports extended attributes with the user_xattr mount option, XFS
> has them enabled by default. These could be used to store the flags in
> the filesystem.
>  -- Guido

ext2/3/4/btr support the user_xattr mount option which allows user
extended attributes on the file system but unless you are using these to
store custom NFSv4 ACL attributes you probably just want the acl option
which enables POSIX ACLs

As far as NFS and ACLs go the main problem is that there are two
versions of ACLs and its very easy to get them mixed up...


_POSIX ACLs_

POSIX ACLS are quite well supported in Linux, most Linux file systems
(ext2/3/4 and btr) support POSIX ACLs. By simply using the "acl" mount
option you get POSIX ACL support on the file system which can then be
exported via NFS

Only NFSv4 has ACL support included in the standard but unfortunately
the ACL system used in NFSv4 isn't fully compatible with POSIX ACLs so
you cant use NFSv4 to easily export your file system

Fortunately Solaris added ACL support to their version of NFSv3 and the
Linux NFS server implements these Solaris extensions

So by using ext3 with the "acl" mount option and exporting the file
system via NFSv3 also with acl option enabled we get a working solution


_NFSv4 ACLs_

Now, you can also use NFSv4 with NFSv4 ACLs but this means that both the
client and server systems will need to support NFSv4 ACLs, which
currently requires you to perform some level of patching and hacking and
may not be quite what your looking for... but if you're interested there
are some packages in debian[1] and you can find out more information
from the nfs[2] site and wiki[3] or from the CITI Project[4]

Cheers

Stephen

1. http://packages.debian.org/nfs4-acl-tools
2. http://linux-nfs.org/
3. http://wiki.linux-nfs.org
4. http://www.citi.umich.edu/projects/nfsv4/linux/

Reply to:

Follow-Ups:
- Re: Debian and transparent Windows like ACLs on Samba
  - From: Luk Claes <luk@debian.org>

References:
- Debian and transparent Windows like ACLs on Samba
  - From: Luk Claes <luk@debian.org>
- Re: Debian and transparent Windows like ACLs on Samba
  - From: Guido Günther <agx@sigxcpu.org>

Prev by Date: Re: Debian and transparent Windows like ACLs on Samba
Next by Date: Re: Debian and transparent Windows like ACLs on Samba
Previous by thread: Re: Debian and transparent Windows like ACLs on Samba
Next by thread: Re: Debian and transparent Windows like ACLs on Samba
Index(es):
- Date
- Thread