On Fri, May 6, 2016 at 9:53 AM, Eric Eastman <eric.eastman@xxxxxxxxxxxxxx> wrote: > I was doing some SAMBA testing and noticed that a kernel mounted share > acted differently then a fuse mounted share with Windows security on > my windows client. I cut my test down to as simple as possible, and I > am seeing the kernel mounted Ceph file system working as expected with > SAMBA and the fuse mounted file system not creating all the SAMBA > ACLs. Is there some option that needs to be turned on to have the fuse > mount to support ACL in the same way the kernel mount does? > > For this test, I am using a single SAMBA server that has mounted the > same Ceph file system using both fuse and kernel mounts, using two > different mount points. Both mount points are exported by SAMBA as > separate shares. I joined the SAMBA server to my Windows 2012 AD and > them mounted each share to a drive letter. On the AD I then created a > text file on each share. The kernel mounted share file is called > kern.txt and the fuse mounted share file is called fuse.txt. > > From the Ceph file system client, I looked at the ACLs on both files > from both the kernel and from the fuse mount points: > > From the kernel mount point: > getfattr -d cephfs/test/* > # file: cephfs/test/fuse.txt > user.DOSATTRIB=0sMHgyMAAAAwADAAAAEQAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDWk/9Xp9EBAAAAAAAAAAA= > > # file: cephfs/test/kern.txt > user.DOSATTRIB=0sMHgyMAAAAwADAAAAEQAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACn5NNXp9EBAAAAAAAAAAA= > user.SAMBA_PAI=0sAgSMCgAAAAABgoYeAAAC/////wAAU0IPAAABU0IPAAAAdYYeAAABdYYeAAAAgoYeAAABgoYeAAAA1IgeAAAB1IgeAA== > > getfattr -n security.NTACL cephfs/test/* > cephfs/test/fuse.txt: security.NTACL: No such attribute > # file: cephfs/test/kern.txt > security.NTACL=0sBAAEAAAAAgAEAAIAAQCTmhdBqtfVP7wjRV5I5pbpS7TujXr4W5CH92kmxZi65wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcG9zaXhfYWNsAGJVuu1Xp9EBXabAFE2ygrZqS3iTrmeMEMXfIld3Z24CLOqiJdxKFuoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABIy0AAAA0AAAAAAAAADsAAAAAQUAAAAAAAUVAAAAZyXqS1iZDzIIAEWj9AEAAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFowECAAACAJwABQAAAAAAFACpABIAAQEAAAAAAAEAAAAAAAAUAP8BHwABAQAAAAAABRIAAAAAACQA/wEfAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFo/QBAAAAACQAqQASAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFowECAAAAACQAqQASAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFo1MEAAA= > > From the fuse mount point: > getfattr -d cephfsFUSE/test/* > # file: cephfsFUSE/test/fuse.txt > user.DOSATTRIB=0sMHgyMAAAAwADAAAAEQAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDWk/9Xp9EBAAAAAAAAAAA= > > # file: cephfsFUSE/test/kern.txt > user.DOSATTRIB=0sMHgyMAAAAwADAAAAEQAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACn5NNXp9EBAAAAAAAAAAA= > user.SAMBA_PAI=0sAgSMCgAAAAABgoYeAAAC/////wAAU0IPAAABU0IPAAAAdYYeAAABdYYeAAAAgoYeAAABgoYeAAAA1IgeAAAB1IgeAA== > > getfattr -n security.NTACL cephfsFUSE/test/* > cephfsFUSE/test/fuse.txt: security.NTACL: No such attribute > # file: cephfsFUSE/test/kern.txt > security.NTACL=0sBAAEAAAAAgAEAAIAAQCTmhdBqtfVP7wjRV5I5pbpS7TujXr4W5CH92kmxZi65wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcG9zaXhfYWNsAGJVuu1Xp9EBXabAFE2ygrZqS3iTrmeMEMXfIld3Z24CLOqiJdxKFuoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABIy0AAAA0AAAAAAAAADsAAAAAQUAAAAAAAUVAAAAZyXqS1iZDzIIAEWj9AEAAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFowECAAACAJwABQAAAAAAFACpABIAAQEAAAAAAAEAAAAAAAAUAP8BHwABAQAAAAAABRIAAAAAACQA/wEfAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFo/QBAAAAACQAqQASAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFowECAAAAACQAqQASAAEFAAAAAAAFFQAAAGcl6ktYmQ8yCABFo1MEAAA= > > The file created by SAMBA using the fuse mount is missing the > user.SAMBA_PAI and security.NTACL ACLs. This prevents SAMBA from > properly supporting fuse mounted file systems in an AD setup. This is odd — the Client library quite explicitly supports "user", "security", "trusted", and "ceph" xattr namespaces. And I think this is tested by other things. Presumably you can get some logs out of Samba indicating that the xattr writes failed? Also, it looks like you've noted Samba's CephFS VFS — is there some reason you don't want to just use that? :) -Greg > > Test setup info: > ceph -v > ceph version 10.2.0 (3a9fba20ec743699b69bd0181dd6c54dc01c64b9) > > Ubuntu version is 14.04 with the 4.6rc4 PPA kernel: > uname -a > Linux ede-c1-gw04 4.6.0-040600rc4-generic #201604172330 SMP Mon Apr 18 > 03:32:32 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux > > Samba version 4.4.2 > > Ceph file system mount info: > grep ceph /proc/mounts > 10.14.2.11,10.14.2.12,10.14.2.13:/ /cephfs ceph > rw,noatime,name=cephfs,secret=<hidden>,acl 0 0 > ceph-fuse /cephfsFUSE fuse.ceph-fuse > rw,noatime,user_id=0,group_id=0,default_permissions,allow_other 0 0 > > I have put instructions on how I built SAMBA, the smb.conf file, > /etc/fstab, and the ceph.conf file in pastebin at: > http://pastebin.com/hv7PEqNm > > Best regards, > Eric > _______________________________________________ > ceph-users mailing list > ceph-users@xxxxxxxxxxxxxx > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |