Bug 13175 - Accessing ZFS snapshot directories over SMB
Accessing ZFS snapshot directories over SMB
Product: Samba 4.1 and newer
Classification: Unclassified
Component: VFS Modules
All All
: P5 normal
: ---
Assigned To: Ralph Böhme
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2017-12-05 09:24 UTC by Ralph Böhme
Modified: 2017-12-07 13:28 UTC (History)
2 users (show)

See Also:

WIP patch for master (1.73 KB, patch)
2017-12-05 09:24 UTC, Ralph Böhme
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Ralph Böhme 2017-12-05 09:24:24 UTC
Created attachment 13845 [details]
WIP patch for master

Currently trying to access ZFS snapshot directories over SMB fails:

$ bin/smbclient -U slow%x //localhost/test
Try "help" to get a list of possible commands.
smb: \> ls
  .                                   D        0  Tue Dec  5 09:05:27 2017
  ..                                  D        0  Tue Dec  5 08:49:27 2017
  .zfs                               DH        0  Tue Dec  5 08:49:27 2017
  test                                D        0  Tue Dec  5 09:06:06 2017

                1949611 blocks of size 1024. 1949578 blocks available
smb: \> ls .zfs/*

This happens because the acl() library call fails with ENOTSUP on the snapshot directories. This could be easily fixed by synthesizing an ACL based on the POSIX mode, much like the getfacl() command on FreeBSD does. The attached WIP patch implements this.

Question do we want this?
Comment 1 Jeremy Allison 2017-12-05 17:10:32 UTC
Yes we do (so long as it doesn't open up security). ZFS-based filers are very popular, and so long as Linux doesn't have RichACLs this is the only game in town. So +1 from me ! (Jeremy).
Comment 2 Timur Bakeyev 2017-12-07 05:18:44 UTC
Thanks, Ralph, we are going to look. We have related problem with the snapshots and extended attributes, could be that it lays here in fact.
Comment 3 Ralph Böhme 2017-12-07 13:28:11 UTC
(In reply to Timur Bakeyev from comment #2)
Thanks Timur! Btw, I actually built and tested the patch this time. :)