Re: ACL support in Jewel using fuse and SAMBA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, May 6, 2016 at 2:14 PM, Eric Eastman
<eric.eastman@xxxxxxxxxxxxxx> wrote:

> As it should be working, I will increase the logging level in my
> smb.conf file and see what info I can get out of the logs, and report back.

Setting the log level = 20 in my smb.conf file, and trying to add an
additional user to a directory on the Windows 2012 server, that has
mounted the share using a fuse mount to a Ceph file system shows the
error: "Operation not supported"  in the smbd log file:

[2016/05/07 23:41:19.213997, 10, pid=2823630, effective(2000501,
2000514), real(2000501, 0)]
../source3/modules/vfs_posixacl.c:92(posixacl_sys_acl_set_file)
  Calling acl_set_file: New folder (4), 0
[2016/05/07 23:41:19.214170, 10, pid=2823630, effective(2000501,
2000514), real(2000501, 0)]
../source3/modules/vfs_posixacl.c:111(posixacl_sys_acl_set_file)
  acl_set_file failed: Operation not supported

A simple test of setting an ACL from the command line to a fuse
mounted Ceph file system also fails:
# mkdir /cephfsFUSE/x
# setfacl -m d:o:rw /cephfsFUSE/x
setfacl: /cephfsFUSE/x: Operation not supported

The same test to the same Ceph file system using the kernel mount
method works.

Is there some option in my ceph.conf file or on the mount line that
needs to be used to support setting ACLs on a fuse mounted Ceph file
system?

-Eric


>
> On Fri, May 6, 2016 at 12:53 PM, Gregory Farnum <gfarnum@xxxxxxxxxx> wrote:
>> On Fri, May 6, 2016 at 9:53 AM, Eric Eastman
>> <eric.eastman@xxxxxxxxxxxxxx> wrote:
>>> I was doing some SAMBA testing and noticed that a kernel mounted share
>>> acted differently then a fuse mounted share with Windows security on
>>> my windows client. I cut my test down to as simple as possible, and I
>>> am seeing the kernel mounted Ceph file system working as expected with
>>> SAMBA and the fuse mounted file system not creating all the SAMBA
>>> ACLs. Is there some option that needs to be turned on to have the fuse
>>> mount to support ACL in the same way the kernel mount does?
>>>
...
>>> The file created by SAMBA using the fuse mount is missing the
>>> user.SAMBA_PAI and security.NTACL ACLs.  This prevents SAMBA from
>>> properly supporting fuse mounted file systems in an AD setup.
>>
>> This is odd — the Client library quite explicitly supports "user",
>> "security", "trusted", and "ceph" xattr namespaces. And I think this
>> is tested by other things.
>>
>> Presumably you can get some logs out of Samba indicating that the
>> xattr writes failed?
>>
>> Also, it looks like you've noted Samba's CephFS VFS — is there some
>> reason you don't want to just use that? :)
>> -Greg
>>
>>>
>>> Test setup info:
>>> ceph -v
>>> ceph version 10.2.0 (3a9fba20ec743699b69bd0181dd6c54dc01c64b9)
>>>
>>> Ubuntu version is 14.04 with the 4.6rc4 PPA kernel:
>>> uname -a
>>> Linux ede-c1-gw04 4.6.0-040600rc4-generic #201604172330 SMP Mon Apr 18
>>> 03:32:32 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
>>>
>>> Samba version 4.4.2
>>>
>>> Ceph file system mount info:
>>> grep ceph /proc/mounts
>>> 10.14.2.11,10.14.2.12,10.14.2.13:/ /cephfs ceph
>>> rw,noatime,name=cephfs,secret=<hidden>,acl 0 0
>>> ceph-fuse /cephfsFUSE fuse.ceph-fuse
>>> rw,noatime,user_id=0,group_id=0,default_permissions,allow_other 0 0
>>>
>>> I have put instructions on how I built SAMBA, the smb.conf file,
>>> /etc/fstab, and the ceph.conf file in pastebin at:
>>> http://pastebin.com/hv7PEqNm
>>>
>>> Best regards,
>>> Eric
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com




[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux