ACL support in Jewel using fuse and SAMBA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I was doing some SAMBA testing and noticed that a kernel mounted share
acted differently then a fuse mounted share with Windows security on
my windows client. I cut my test down to as simple as possible, and I
am seeing the kernel mounted Ceph file system working as expected with
SAMBA and the fuse mounted file system not creating all the SAMBA
ACLs. Is there some option that needs to be turned on to have the fuse
mount to support ACL in the same way the kernel mount does?

For this test, I am using a single SAMBA server that has mounted the
same Ceph file system using both fuse and kernel mounts, using two
different mount points. Both mount points are exported by SAMBA as
separate shares. I joined the SAMBA server to my Windows 2012 AD and
them mounted each share to a drive letter. On the AD I then created a
text file on each share.  The kernel mounted share file is called
kern.txt and the fuse mounted share file is called fuse.txt.

>From the Ceph file system client, I looked at the ACLs on both files
from both the kernel and from the fuse mount points:

>From the kernel mount point:
getfattr -d cephfs/test/*
# file: cephfs/test/fuse.txt
user.DOSATTRIB=0sMHgyMAAAAwADAAAAEQAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDWk/9Xp9EBAAAAAAAAAAA=

# file: cephfs/test/kern.txt
user.DOSATTRIB=0sMHgyMAAAAwADAAAAEQAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACn5NNXp9EBAAAAAAAAAAA=
user.SAMBA_PAI=0sAgSMCgAAAAABgoYeAAAC/////wAAU0IPAAABU0IPAAAAdYYeAAABdYYeAAAAgoYeAAABgoYeAAAA1IgeAAAB1IgeAA==

getfattr -n security.NTACL cephfs/test/*
cephfs/test/fuse.txt: security.NTACL: No such attribute
# file: cephfs/test/kern.txt
security.NTACL=0sBAAEAAAAAgAEAAIAAQCTmhdBqtfVP7wjRV5I5pbpS7TujXr4W5CH92kmxZi65wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcG9zaXhfYWNsAGJVuu1Xp9EBXabAFE2ygrZqS3iTrmeMEMXfIld3Z24CLOqiJdxKFuoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABIy0AAAA0AAAAAAAAADsAAAAAQUAAAAAAAUVAAAAZyXqS1iZDzIIAEWj9AEAAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFowECAAACAJwABQAAAAAAFACpABIAAQEAAAAAAAEAAAAAAAAUAP8BHwABAQAAAAAABRIAAAAAACQA/wEfAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFo/QBAAAAACQAqQASAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFowECAAAAACQAqQASAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFo1MEAAA=

>From the fuse mount point:
getfattr -d cephfsFUSE/test/*
# file: cephfsFUSE/test/fuse.txt
user.DOSATTRIB=0sMHgyMAAAAwADAAAAEQAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDWk/9Xp9EBAAAAAAAAAAA=

# file: cephfsFUSE/test/kern.txt
user.DOSATTRIB=0sMHgyMAAAAwADAAAAEQAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACn5NNXp9EBAAAAAAAAAAA=
user.SAMBA_PAI=0sAgSMCgAAAAABgoYeAAAC/////wAAU0IPAAABU0IPAAAAdYYeAAABdYYeAAAAgoYeAAABgoYeAAAA1IgeAAAB1IgeAA==

getfattr -n security.NTACL cephfsFUSE/test/*
cephfsFUSE/test/fuse.txt: security.NTACL: No such attribute
# file: cephfsFUSE/test/kern.txt
security.NTACL=0sBAAEAAAAAgAEAAIAAQCTmhdBqtfVP7wjRV5I5pbpS7TujXr4W5CH92kmxZi65wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcG9zaXhfYWNsAGJVuu1Xp9EBXabAFE2ygrZqS3iTrmeMEMXfIld3Z24CLOqiJdxKFuoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABIy0AAAA0AAAAAAAAADsAAAAAQUAAAAAAAUVAAAAZyXqS1iZDzIIAEWj9AEAAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFowECAAACAJwABQAAAAAAFACpABIAAQEAAAAAAAEAAAAAAAAUAP8BHwABAQAAAAAABRIAAAAAACQA/wEfAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFo/QBAAAAACQAqQASAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFowECAAAAACQAqQASAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFo1MEAAA=

The file created by SAMBA using the fuse mount is missing the
user.SAMBA_PAI and security.NTACL ACLs.  This prevents SAMBA from
properly supporting fuse mounted file systems in an AD setup.

Test setup info:
ceph -v
ceph version 10.2.0 (3a9fba20ec743699b69bd0181dd6c54dc01c64b9)

Ubuntu version is 14.04 with the 4.6rc4 PPA kernel:
uname -a
Linux ede-c1-gw04 4.6.0-040600rc4-generic #201604172330 SMP Mon Apr 18
03:32:32 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

Samba version 4.4.2

Ceph file system mount info:
grep ceph /proc/mounts
10.14.2.11,10.14.2.12,10.14.2.13:/ /cephfs ceph
rw,noatime,name=cephfs,secret=<hidden>,acl 0 0
ceph-fuse /cephfsFUSE fuse.ceph-fuse
rw,noatime,user_id=0,group_id=0,default_permissions,allow_other 0 0

I have put instructions on how I built SAMBA, the smb.conf file,
/etc/fstab, and the ceph.conf file in pastebin at:
http://pastebin.com/hv7PEqNm

Best regards,
Eric
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com



[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux