GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
VFS_ZFSACL(8) System Administration tools VFS_ZFSACL(8)

vfs_zfsacl - ZFS ACL samba module

vfs objects = zfsacl

This VFS module is part of the samba(7) suite.
The zfsacl VFS module is the home for all ACL extensions that Samba requires for proper integration with ZFS.
Currently the zfsacl vfs module provides extensions in following areas :
•NFSv4 ACL Interfaces with configurable options for ZFS
NOTE:This module follows the posix-acl behaviour and hence allows permission stealing via chown. Samba might allow at a later point in time, to restrict the chown via this module as such restrictions are the responsibility of the underlying filesystem than of Samba.
This module makes use of the smb.conf parameter acl map full control = acl map full control When set to yes (the default), this parameter will add in the FILE_DELETE_CHILD bit on a returned ACE entry for a file (not a directory) that already contains all file permissions except for FILE_DELETE and FILE_DELETE_CHILD. This can prevent Windows applications that request GENERIC_ALL access from getting ACCESS_DENIED errors when running against a filesystem with NFSv4 compatible ACLs.
This module is stackable.
Since Samba 4.0 all options are per share options.

nfs4:mode = [ simple | special ]
Controls substitution of special IDs (OWNER@ and GROUP@) on ZFS. The use of mode simple is recommended. In this mode only non inheriting ACL entries for the file owner and group are mapped to special IDs.
The following MODEs are understood by the module:
•simple(default) - use OWNER@ and GROUP@ special IDs for non inheriting ACEs only.
•special(deprecated) - use OWNER@ and GROUP@ special IDs in ACEs for all file owner and group ACEs.
nfs4:acedup = [dontcare|reject|ignore|merge]
This parameter configures how Samba handles duplicate ACEs encountered in ZFS ACLs. ZFS allows/creates duplicate ACE for different bits for same ID.
Following is the behaviour of Samba for different values :
•dontcare (default) - copy the ACEs as they come
•reject - stop operation and exit with error on ACL set op
•ignore - don't include the second matching ACE
•merge - bitwise OR the 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE
nfs4:chown = [yes|no]
This parameter allows enabling or disabling the chown supported by the underlying filesystem. This parameter should be enabled with care as it might leave your system insecure.
Some filesystems allow chown as a) giving b) stealing. It is the latter that is considered a risk.
Following is the behaviour of Samba for different values :
•yes - Enable chown if as supported by the under filesystem
•no (default) - Disable chown

A ZFS mount can be exported via Samba as follows :
         [samba_zfs_share]
	 vfs objects = zfsacl
	 path = /test/zfs_mount
	 nfs4: mode = special
	 nfs4: acedup = merge

This man page is part of version 4.8.7 of the Samba suite.

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
11/26/2018 Samba 4.8.7

Search for    or go to Top of page |  Section 8 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.