File System Support

From SambaWiki
Revision as of 18:54, 12 January 2017 by Mmuehlfeld (talk | contribs) (Added tags. Rephrased error description.)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)


To set up shares with extended access control list (ACL) support, the file system hosting the share must have the user and system xattr name space enabled. On a Samba Active Directory (AD) domain controller (DC), samba-tool verifies this setting automatically for the file system the Sysvol share is created on.



You do not have to modify /etc/fstab , ext4 uses all the required options by default.

Kernel support

Ensure that your kernel has the following options enabled:




For filesystems of that type shared by Samba, add the following options to your /etc/fstab:

/dev/...          /srv/samba/demo          ext3          user_xattr,acl,barrier=1          1 1

Note: The barrier=1 option ensures that tdb transactions are safe against unexpected power loss.

Please be careful modifying your fstab. It can lead into an unbootable system!

Kernel support

Ensure that your kernel has the following options enabled:




No special mount options are required in your fstab.

Kernel support

Ensure that your kernel has the following options enabled:


File systems without xattr support

Note: This is not recommended!!!

If you don't have a filesystem with xattr support, you can simulate it by adding the following line to your smb.conf:

  posix:eadb = /usr/local/samba/private/eadb.tdb

This will place all extra file attributes (NT ACLs, DOS EAs, streams, etc), in that tdb.

Note: This way it is not efficient and doesn't scale well. That's why it shouldn't be used in production!

Testing your filesystem

Note: This is not required for file systems without xattr support.

Before you start testing, ensure, that you have the attr package installed!

Run the following commands as root to test xattr support:

# touch test.txt
# setfattr -n user.test -v test test.txt
# setfattr -n security.test -v test2 test.txt

The following commands should return the shown output:

# getfattr -d test.txt
# file: test.txt

# getfattr -n security.test -d test.txt
# file: test.txt

Run the following commands as root to test extended ACL support:

# touch test.txt
# setfacl -m g:adm:rwx test.txt

The following command should return the shown output:

# getfacl test.txt
# file: test.txt
# owner: root
# group: root

If an Operation not supported error is displayed:

  • your kernel is not configured correctly,
  • or your file system is not mounted using the correct options, or
  • you did not ran the commands using the root user.