<div dir="ltr"><div>Hi,</div><div><br></div>We tried the nfsv4 acl route and it didn't work out so well for us when files/directories would get promoted to nfsv4 acl's (but maybe I'll revisit it when I get a chance), I had unix extensions turned off at that time. We're using for our main template share :<div>
<br></div><div>vfs objects = shadow_copy2 gpfs acl_xattr fileid<br></div><div>gpfs:acl = no<br></div><div><br></div><div>to pass acl's to acl_xattr and it seems to work ok and tivoli is able to backup the security.NTACL extended attribute and restore it without problems. It'll end up using posix ACLs assigning default acl's for the users/groups that are assigned to the files/dirs . All of it breaks umask and other things though, which isn't that big of a deal with samba's ability to force modes for particular shares.</div>
<div><br></div><div>Regarding unix extensions, it seems there are problems either way (or perhaps were?), but the problems may be "more" severe if unix extensions are turned off?</div><div><br></div><div><a href="http://wiki.phys.ethz.ch/readme/mac_samba">http://wiki.phys.ethz.ch/readme/mac_samba</a><br>
</div><div><br></div><div>I'll need to do some more testing with the latest OSX in that case since it looks like many of these posts were written years ago. We are also running the latest stable samba 4.1.x from sernet. But it's good to know that unix extensions = no is not because of some requirement in GPFS.</div>
<div><br></div><div>Thanks,</div><div>Sabuj</div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Mar 13, 2014 at 5:09 AM, Jonathan Buzzard <span dir="ltr"><<a href="mailto:jonathan@buzzard.me.uk" target="_blank">jonathan@buzzard.me.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On Wed, 2014-03-12 at 19:07 -0500, Sabuj Pattanayek wrote:<br>
> Hi all,<br>
><br>
><br>
> I was wondering why here :<br>
><br>
><br>
> <a href="https://www.mail-archive.com/gpfsug-discuss@gpfsug.org/msg00121.html" target="_blank">https://www.mail-archive.com/gpfsug-discuss@gpfsug.org/msg00121.html</a><br>
><br>
><br>
> ...and several other forums, wikis, etc it's recommended to use :<br>
><br>
><br>
> unix extensions = no<br>
><br>
><br>
> for samba setups with GPFS? This disables the ability for linux/unix<br>
> samba clients to see the actual mode bits on files.<br>
><br>
<br>
</div></div>Because it messes horribly with NFSv4 ACL's, and MacOSX clients in<br>
particular do "bad things" using Unix extensions that break group<br>
shares. Therefore unless you absolutely need it which most people don't<br>
then disabling it is a sensible choice to avoid wasting hours of your<br>
time trying to work out why everything is broken.<br>
<br>
<br>
JAB.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Jonathan A. Buzzard Email: jonathan (at) <a href="http://buzzard.me.uk" target="_blank">buzzard.me.uk</a><br>
Fife, United Kingdom.<br>
<br>
_______________________________________________<br>
gpfsug-discuss mailing list<br>
gpfsug-discuss at <a href="http://gpfsug.org" target="_blank">gpfsug.org</a><br>
<a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss" target="_blank">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a><br>
</font></span></blockquote></div><br></div>