[gpfsug-discuss] Supported samba options

[Tagliavini, Enrico]

We run stock Samba (not CES), with vfs_gpfs module enabled and we use POSIX ACL, it works well. Granted Windows permission do not map
1:1 to the POSIX ACL, some options will do nothing, but that's acceptable for us and avoid the use of the NFSv4 ACL, which are not
supported by pretty much any common tool (e.g. rsync).

-- 

Enrico Tagliavini
Systems / Software Engineer

enrico.tagliavini at fmi.ch

Friedrich Miescher Institute for Biomedical Research
Informatics

Maulbeerstrasse 66
4058 Basel
Switzerland





On Fri, 2022-09-16 at 22:40 +0100, Jonathan Buzzard wrote:
> On 16/09/2022 11:02, Paul Ward wrote:
> > 
> > Thanks Christof,
> > 
> > But we are already using 'hosts deny', 'hosts allow' and 'valid users' which appear to have been implemented.
> > Is there a document showing what is implemented, rather than just supported.
> > 
> > If there are supported commands, that replace the three I have mentioned (and force user/ force group) please let me know.
> > 
> > We have shares where we want to restrict access to one of more servers, no password required.
> > And shares where we want to restrict access to multiple AD users, currently not specified in AD groups, although that is an option.
> > 
> 
> In my experience, though this was all many years ago, as I have not run 
> Samba on GPFS for over a decade now (it's about to change as I am in the 
> process of setting up some protocol nodes) the force user, etc. etc. did 
> not work well.
> 
> The "right" solution is or certainly was to use NFSv4 ACL's and the 
> vfs_gpfs module to make it all work as near as possible to a Windows server.
> 
> I of course had the realization a couple of days ago that I am going to 
> have to put NFSv4 ACL's on everything in the file system which means 
> backing it all up again :-(
> 
> 
> JAB.
>