Description Arvid Requate 2019-06-24 13:40:17 CEST

I discussed diverse ACLs (NTACLs, POSIX.1 fACLs, NFS4-ACLs) with a friend this weekend and did a little research on where NFS v4 ACLs are stored in ext4/ext3. While I didn't find a specific answer to this implementation detail of the ext filesystem, I actually found something more interesting, which is the

vfs_nfs4acl_xattr for Samba ( http://samba.2283325.n4.nabble.com/RFC-vfs-nfs4acl-xattr-NFS4-1-support-support-for-XDR-encoding-and-more-td4725548.html ), which does a similar thing to vfs_acl_xattr, but translates an NTACL to an XDR encoded NFSv4 ACL and stores it in "security.nfs4acl_xdr" (by default).

There is a little confusion about the name of the xattr that is used to represent the NFSv4 ACLS for use space tools. E.g. the nfs4_getacl and nfs4_setacl tools use "system.nfs4_acl" instead ( see e.g. https://lists.samba.org/archive/samba/2017-March/207216.html ). The Samba VFS module offers a parameter to adjust this (the man page for the module documents "nfs4acl_xattr:xattr_name").


As a first step someone should test this. My current dream would be to use both "vfs_acl_xattr" and "vfs_nfs4acl_xattr" for shares and have all ACLs live happily together (insert rainbow emoji here).

FYI: For an overview of ACLs https://www.kernel.org/doc/ols/2010/ols2010-pages-19-32.pdf is a very good resource.