I was doing some SAMBA testing and noticed that a kernel mounted share acted differently then a fuse mounted share with Windows security on my windows client. I cut my test down to as simple as possible, and I am seeing the kernel mounted Ceph file system working as expected with SAMBA and the fuse mounted file system not creating all the SAMBA ACLs. Is there some option that needs to be turned on to have the fuse mount to support ACL in the same way the kernel mount does? For this test, I am using a single SAMBA server that has mounted the same Ceph file system using both fuse and kernel mounts, using two different mount points. Both mount points are exported by SAMBA as separate shares. I joined the SAMBA server to my Windows 2012 AD and them mounted each share to a drive letter. On the AD I then created a text file on each share. The kernel mounted share file is called kern.txt and the fuse mounted share file is called fuse.txt. >From the Ceph file system client, I looked at the ACLs on both files from both the kernel and from the fuse mount points: >From the kernel mount point: getfattr -d cephfs/test/* # file: cephfs/test/fuse.txt user.DOSATTRIB=0sMHgyMAAAAwADAAAAEQAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDWk/9Xp9EBAAAAAAAAAAA= # file: cephfs/test/kern.txt user.DOSATTRIB=0sMHgyMAAAAwADAAAAEQAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACn5NNXp9EBAAAAAAAAAAA= user.SAMBA_PAI=0sAgSMCgAAAAABgoYeAAAC/////wAAU0IPAAABU0IPAAAAdYYeAAABdYYeAAAAgoYeAAABgoYeAAAA1IgeAAAB1IgeAA== getfattr -n security.NTACL cephfs/test/* cephfs/test/fuse.txt: security.NTACL: No such attribute # file: cephfs/test/kern.txt security.NTACL=0sBAAEAAAAAgAEAAIAAQCTmhdBqtfVP7wjRV5I5pbpS7TujXr4W5CH92kmxZi65wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcG9zaXhfYWNsAGJVuu1Xp9EBXabAFE2ygrZqS3iTrmeMEMXfIld3Z24CLOqiJdxKFuoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABIy0AAAA0AAAAAAAAADsAAAAAQUAAAAAAAUVAAAAZyXqS1iZDzIIAEWj9AEAAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFowECAAACAJwABQAAAAAAFACpABIAAQEAAAAAAAEAAAAAAAAUAP8BHwABAQAAAAAABRIAAAAAACQA/wEfAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFo/QBAAAAACQAqQASAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFowECAAAAACQAqQASAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFo1MEAAA= >From the fuse mount point: getfattr -d cephfsFUSE/test/* # file: cephfsFUSE/test/fuse.txt user.DOSATTRIB=0sMHgyMAAAAwADAAAAEQAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDWk/9Xp9EBAAAAAAAAAAA= # file: cephfsFUSE/test/kern.txt user.DOSATTRIB=0sMHgyMAAAAwADAAAAEQAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACn5NNXp9EBAAAAAAAAAAA= user.SAMBA_PAI=0sAgSMCgAAAAABgoYeAAAC/////wAAU0IPAAABU0IPAAAAdYYeAAABdYYeAAAAgoYeAAABgoYeAAAA1IgeAAAB1IgeAA== getfattr -n security.NTACL cephfsFUSE/test/* cephfsFUSE/test/fuse.txt: security.NTACL: No such attribute # file: cephfsFUSE/test/kern.txt security.NTACL=0sBAAEAAAAAgAEAAIAAQCTmhdBqtfVP7wjRV5I5pbpS7TujXr4W5CH92kmxZi65wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcG9zaXhfYWNsAGJVuu1Xp9EBXabAFE2ygrZqS3iTrmeMEMXfIld3Z24CLOqiJdxKFuoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABIy0AAAA0AAAAAAAAADsAAAAAQUAAAAAAAUVAAAAZyXqS1iZDzIIAEWj9AEAAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFowECAAACAJwABQAAAAAAFACpABIAAQEAAAAAAAEAAAAAAAAUAP8BHwABAQAAAAAABRIAAAAAACQA/wEfAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFo/QBAAAAACQAqQASAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFowECAAAAACQAqQASAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFo1MEAAA= The file created by SAMBA using the fuse mount is missing the user.SAMBA_PAI and security.NTACL ACLs. This prevents SAMBA from properly supporting fuse mounted file systems in an AD setup. Test setup info: ceph -v ceph version 10.2.0 (3a9fba20ec743699b69bd0181dd6c54dc01c64b9) Ubuntu version is 14.04 with the 4.6rc4 PPA kernel: uname -a Linux ede-c1-gw04 4.6.0-040600rc4-generic #201604172330 SMP Mon Apr 18 03:32:32 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux Samba version 4.4.2 Ceph file system mount info: grep ceph /proc/mounts 10.14.2.11,10.14.2.12,10.14.2.13:/ /cephfs ceph rw,noatime,name=cephfs,secret=<hidden>,acl 0 0 ceph-fuse /cephfsFUSE fuse.ceph-fuse rw,noatime,user_id=0,group_id=0,default_permissions,allow_other 0 0 I have put instructions on how I built SAMBA, the smb.conf file, /etc/fstab, and the ceph.conf file in pastebin at: http://pastebin.com/hv7PEqNm Best regards, Eric _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |