Hello all. I was hoping I could start a discussion regarding Samba and the use of NFSv4 ACLs on ZFS.
I have been working for several days to allow Samba to use the new NFSv4 ACLs that are available with FreeBSD 8.1 and ZFS. I checked the existing Samba versions in the ports collection and I did not see any support for this feature. The only information that I could find regarding this subject was some references in http://wiki.freebsd.org/NFSv4_ACLs and some references to Samba and its vfs_zfsacl module in a Solaris forum. I was finally able to determine that I needed to customize a port to build this module. I installed the "libsunacl" port and patched the "samba34" port to use this library and to build the vfs_zfsacl module. I also had to tweak the smb.conf to make Samba work properly with this module and the ZFS ACLs.
As of this morning, everything appears to be working properly. I am able to set permissions on my Samba shares via the Security dialogs on Windows XP. The permissions are being changed on the NFSv4 ACLs and I am able to see the changes via getfacl on FreeBSD. I am also able to connect to the share via OS X and the permissions seem to be correct.
This was a rather difficult and time-consuming task. I would rather it not be this difficult for future users. I would like to submit my modifications to the port; however, I am not sure how to do this properly. There are several open questions regarding the port modifications.
1) The vfs_zfsacl module appears to be completely separate from the --with-acl-support configuration option. As such, should vfs_zfsacl be included in the existing ACL_SUPPORT port configuration option or should it be a separate option? Perhaps it should be included in EXP_MODULES instead?
2) OS X was not able to properly "see" the ACL permissions. Windows was able to see the permissions and my username has full access to the share. Connecting to the share with OS X using the same username, I was not able to write to the root of the share. I did, however, have full access to any subfolders. I am not sure if this is an OS X issue or a Samba issue. I had to add "unix extensions = no" to the smb.conf (see http://splatdot.com/fixing-snow-leopard-10-6-3-samba-write-access). I believe there should be a note in the smb.conf installed by the port regarding this issue.
I am hoping that a port maintainer is monitoring this list and could assist me in possibly incorporating these changes in the Samba port(s).
These changes could also benefit other projects, such as FreeNAS. With the apparent death of OpenSolaris, FreeBSD is poised to become the primary open source OS for ZFS. The continuing development on FreeBSD to add newer versions of ZFS and additional features, such as deduplication, is very exciting. For these reasons, and many others, I believe it would be of great benefit to integrate the features of NFSv4/ZFS into applications such as Samba.
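
An smb.conf fragment for the setup described in the post, added here as an example: it is not the poster's configuration, which was not included in the message. The share name and path are placeholders, and the `nfs4:` parameters are taken from Samba's vfs_zfsacl documentation as an assumption about what a working setup needs.

```ini
[global]
    # Constructed example. Workaround the post describes for OS X clients
    # that could not write to the root of the share.
    unix extensions = no

[zfsshare]
    # Placeholder path: a directory on a ZFS dataset.
    path = /tank/share
    read only = no

    # Store and evaluate Windows security descriptors as NFSv4 ACLs on ZFS
    # (module built from the patched samba34 port with libsunacl).
    vfs objects = zfsacl

    # Assumed settings from the vfs_zfsacl documentation:
    # use the OWNER@ / GROUP@ / EVERYONE@ special entries,
    nfs4:mode = special
    # merge duplicate ACEs for the same principal,
    nfs4:acedup = merge
    # and allow ownership changes through the ACL interface.
    nfs4:chown = yes
```

After editing, `testparm` checks the file's syntax, and `getfacl` on the FreeBSD side shows whether a change made in the Windows Security dialog reached the NFSv4 ACL.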