The code is at https://github.com/ceph/samba.git wip-acl. So far the code does not handle default ACL (files created by samba do not inherit parent directory's default ACL) Regards Yan, Zheng On Tue, Aug 18, 2015 at 6:57 PM, Gregory Farnum <gfarnum@xxxxxxxxxx> wrote: > On Mon, Aug 17, 2015 at 4:12 AM, Yan, Zheng <ukernel@xxxxxxxxx> wrote: >> On Mon, Aug 17, 2015 at 9:38 AM, Eric Eastman >> <eric.eastman@xxxxxxxxxxxxxx> wrote: >>> Hi, >>> >>> I need to verify in Ceph v9.0.2 if the kernel version of Ceph file >>> system supports ACLs and the libcephfs file system interface does not. >>> I am trying to have SAMBA, version 4.3.0rc1, support Windows ACLs >>> using "vfs objects = acl_xattr" with the SAMBA VFS Ceph file system >>> interface "vfs objects = ceph" and my tests are failing. If I use a >>> kernel mount of the same Ceph file system, it works. Using the SAMBA >>> Ceph VFS interface with logging set to 3 in my smb.conf files shows >>> the following error when on my Windows AD server I try to "Disable >>> inheritance" of the SAMBA exported directory uu/home: >>> >>> [2015/08/16 18:27:11.546307, 2] >>> ../source3/smbd/posix_acls.c:3006(set_canon_ace_list) >>> set_canon_ace_list: sys_acl_set_file type file failed for file >>> uu/home (Operation not supported). >>> >>> This works using the same Ceph file system kernel mounted. It also >>> works with an XFS file system. >>> >>> Doing some Googling I found this entry on the SAMBA email list: >>> >>> https://lists.samba.org/archive/samba-technical/2015-March/106699.html >>> >>> It states: libcephfs does not support ACL yet, so this patch adds ACL >>> callbacks that do nothing. >>> >>> If ACL support is not in libcephfs, is there plans to add it, as the >>> SAMBA Ceph VFS interface without ACL support is severely limited in a >>> multi-user Windows environment. >>> >> >> libcephfs does not support ACL. I have an old patch that adds ACL >> support to samba's vfs ceph module, but haven't tested it carefully. > > Are these published somewhere? Even if you don't have time to work on > it somebody else might pick it up and finish things if it's available > as a starting point. :) > -Greg _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |