[gpfsug-discuss] Supported samba options
Paul Ward
p.ward at nhm.ac.uk
Wed Sep 21 11:45:35 BST 2022
For our HPC shares, we just implement one group per folder, essentially POSIX permissions.
Few groups want smb access.
Nearly all other shares are just SMB.
Of course its the most important one that uses smb and NFS!
Surely there must a be a guidance document on setting up dual protocol shares.
Kindest regards,
Paul
Paul Ward
TS Infrastructure Architect
Natural History Museum
T: 02079426450
E: p.ward at nhm.ac.uk
-----Original Message-----
From: gpfsug-discuss <gpfsug-discuss-bounces at gpfsug.org> On Behalf Of Tagliavini, Enrico
Sent: 19 September 2022 08:42
To: gpfsug-discuss at gpfsug.org
Subject: Re: [gpfsug-discuss] Supported samba options
We run stock Samba (not CES), with vfs_gpfs module enabled and we use POSIX ACL, it works well. Granted Windows permission do not map
1:1 to the POSIX ACL, some options will do nothing, but that's acceptable for us and avoid the use of the NFSv4 ACL, which are not supported by pretty much any common tool (e.g. rsync).
--
Enrico Tagliavini
Systems / Software Engineer
enrico.tagliavini at fmi.ch
Friedrich Miescher Institute for Biomedical Research Informatics
Maulbeerstrasse 66
4058 Basel
Switzerland
On Fri, 2022-09-16 at 22:40 +0100, Jonathan Buzzard wrote:
> On 16/09/2022 11:02, Paul Ward wrote:
> >
> > Thanks Christof,
> >
> > But we are already using 'hosts deny', 'hosts allow' and 'valid users' which appear to have been implemented.
> > Is there a document showing what is implemented, rather than just supported.
> >
> > If there are supported commands, that replace the three I have mentioned (and force user/ force group) please let me know.
> >
> > We have shares where we want to restrict access to one of more servers, no password required.
> > And shares where we want to restrict access to multiple AD users, currently not specified in AD groups, although that is an option.
> >
>
> In my experience, though this was all many years ago, as I have not
> run Samba on GPFS for over a decade now (it's about to change as I am
> in the process of setting up some protocol nodes) the force user, etc.
> etc. did not work well.
>
> The "right" solution is or certainly was to use NFSv4 ACL's and the
> vfs_gpfs module to make it all work as near as possible to a Windows server.
>
> I of course had the realization a couple of days ago that I am going
> to have to put NFSv4 ACL's on everything in the file system which
> means backing it all up again :-(
>
>
> JAB.
>
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at gpfsug.org
https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgpfsug.org%2Fmailman%2Flistinfo%2Fgpfsug-discuss_gpfsug.org&data=05%7C01%7Cp.ward%40nhm.ac.uk%7Cd80e103e060641ee84d308da9a12af35%7C73a29c014e78437fa0d4c8553e1960c1%7C1%7C0%7C637991702285798537%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=39Sy9QokhwXaFnobEWiyI7XAgzGEEluwUx6T%2FradXyg%3D&reserved=0
More information about the gpfsug-discuss
mailing list