[gpfsug-discuss] question about why unix extensions = no is recommended when using samba + gpfs?

Sabuj Pattanayek sabujp at gmail.com
Thu Mar 13 12:45:01 GMT 2014


We tried the nfsv4 acl route and it didn't work out so well for us when
files/directories would get promoted to nfsv4 acl's (but maybe I'll revisit
it when I get a chance), I had unix extensions turned off at that time.
We're using for our main template share :

vfs objects = shadow_copy2 gpfs acl_xattr fileid
gpfs:acl = no

to pass acl's to acl_xattr and it seems to work ok and tivoli is able to
backup the security.NTACL extended attribute and restore it without
problems. It'll end up using posix ACLs assigning default acl's for the
users/groups that are assigned to the files/dirs . All of it breaks umask
and other things though, which isn't that big of a deal with samba's
ability to force modes for particular shares.

Regarding unix extensions, it seems there are problems either way (or
perhaps were?), but the problems may be "more" severe if unix extensions
are turned off?


I'll need to do some more testing with the latest OSX in that case since it
looks like many of these posts were written years ago. We are also running
the latest stable samba 4.1.x from sernet. But it's good to know that unix
extensions = no is not because of some requirement in GPFS.


On Thu, Mar 13, 2014 at 5:09 AM, Jonathan Buzzard <jonathan at buzzard.me.uk>wrote:

> On Wed, 2014-03-12 at 19:07 -0500, Sabuj Pattanayek wrote:
> > Hi all,
> >
> >
> > I was wondering why here :
> >
> >
> > https://www.mail-archive.com/gpfsug-discuss@gpfsug.org/msg00121.html
> >
> >
> > ...and several other forums, wikis, etc it's recommended to use :
> >
> >
> > unix extensions = no
> >
> >
> > for samba setups with GPFS? This disables the ability for linux/unix
> > samba clients to see the actual mode bits on files.
> >
> Because it messes horribly with NFSv4 ACL's, and MacOSX clients in
> particular do "bad things" using Unix extensions that break group
> shares. Therefore unless you absolutely need it which most people don't
> then disabling it is a sensible choice to avoid wasting hours of your
> time trying to work out why everything is broken.
> JAB.
> --
> Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
> Fife, United Kingdom.
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at gpfsug.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20140313/31f7efc9/attachment-0003.htm>

More information about the gpfsug-discuss mailing list