File System Support: Difference between revisions

From SambaWiki
(Remove CONFIG_EXT4_FS_XATTR/CONFIG_EXT3_FS_XATTR. Option was removed from the kernel in 2012 and is on by default now.)
m (Mmuehlfeld moved page Operating system requirements/File system support to File System Support: Rephrase Title)
(No difference)

Revision as of 12:29, 3 October 2016

To use the advanced features of Samba, you need a filesystem that supports both the "user" and "system" xattr namespace. You need this support on file systems that you will share through Samba.

For Samba Active Directory Domain Controllers, „samba-tool“ tests during the provisioning the xattr support for /usr/local/samba/var/locks/sysvol/.



ext4

fstab

You do not have to modify /etc/fstab , ext4 uses all the required options by default.


Kernel support

Ensure that your kernel has the following options enabled:

CONFIG_EXT4_FS_SECURITY=y
CONFIG_EXT4_FS_POSIX_ACL=y



ext3

fstab

For filesystems of that type shared by Samba, add the following options to your /etc/fstab:

/dev/...          /srv/samba/demo          ext3          user_xattr,acl,barrier=1          1 1

Note: The „barrier=1“ option ensures that tdb transactions are safe against unexpected power loss.

Please be careful modifying your fstab. It can lead into an unbootable system!


Kernel support

Ensure that your kernel has the following options enabled:

CONFIG_EXT3_FS_SECURITY=y
CONFIG_EXT3_FS_POSIX_ACL=y



XFS

fstab

No special mount options are required in your fstab.


Kernel support

Ensure that your kernel has the following options enabled:

CONFIG_XFS_POSIX_ACL=y




File systems without xattr support

Note: This is not recommended!!!

If you don't have a filesystem with xattr support, you can simulate it by adding the following line to your smb.conf:

  posix:eadb = /usr/local/samba/private/eadb.tdb

This will place all extra file attributes (NT ACLs, DOS EAs, streams, etc), in that tdb.

Note: This way it is not efficient and doesn't scale well. That's why it shouldn't be used in production!



Testing your filesystem

Note: This is not required for file systems without xattr support.

Before you start testing, ensure, that you have the „attr“ package installed!

Run the following commands as root to test xattr support:

# touch test.txt
# setfattr -n user.test -v test test.txt
# setfattr -n security.test -v test2 test.txt

The following commands should return the shown output:

# getfattr -d test.txt
# file: test.txt
user.test="test"

# getfattr -n security.test -d test.txt
# file: test.txt
security.test="test2"

Run the following commands as root to test extended ACL support:

# touch test.txt
# setfacl -m g:adm:rwx test.txt

The following command should return the shown output:

# getfacl test.txt
# file: test.txt
# owner: root
# group: root
user::rw-
group::r--
group:adm:rwx
mask::rwx
other::r--

Note: Getting an "Operation not supported" error means your kernel is not configured correctly or your filesystem is not mounted with the correct options.

Note: Getting an "Operation not permitted" error means you didn't run the commands as user „root“.