Hi, Without calling ceph_mount_perms_set(), libcephfs consumers such as Samba can rely upon UserPerm::uid() and UserPerm::gid() to fallback to geteuid() and setegid() respectively for things such as ACL enforcement. However, there is no such fallback for supplementary groups, so ACL checks for a user which is only permitted path access via a supplementary group will result in a permission denied error. Samba ticket: https://bugzilla.samba.org/show_bug.cgi?id=14053 I've written a patch to address this (it currently omits the get_gids() codepath): https://github.com/ddiss/ceph/commit/035a1785ec73d803fead42c7240df01b755a815b Does this approach make sense, or should Samba go down the ceph_mount_perms_set() route to avoid this bug? The latter would likely be problematic, as user/group details for a mount will remain static. Cheers, David _______________________________________________ Dev mailing list -- dev@xxxxxxx To unsubscribe send an email to dev-leave@xxxxxxx
