NAS-100103 / 11.3 / Store share ACL information persistently #3206
smb.sharesec.getacl - returns ACL of share specified as argument 1.

smb.sharesec.setacl - sets an ACL on a share (both in share_info.tdb and cifs_share_acl).

smb.sharesec.synchronize_acls - writes the ACLs backed up in cifs_share_acl to share_info.tdb if share_info.tdb is empty. This can happen if boot device fails or post-upgrade. Otherwise, this call will update the database with the ACL stored in share_info.tdb if there is a discrepancy between the two. Preference is given to the running copy of share_info.tdb because it may be modified by SMB clients.
This script is no longer used
@@ -1,7 +1,8 @@ | |||
#!/usr/bin/env python3 |
Why this?
That shouldn't be there. :/
async def getacl(self, share_name, options): | ||
""" | ||
View the ACL information for `share_name`. The share ACL is distinct from filesystem | ||
ACLs which can be viewed by calling `filesystem,.getacl`. `ae_who_name` will appear |
filesystem.getacl
rc_acl = ' '.join([(await self._ae_to_string(i)) for i in rc_info['share_acl']]) | ||
if rc_acl != s['share_acl']: | ||
self.logger.debug( | ||
'updating stored ACL on %s to %s' % (s['name'], rc_acl) |
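Review bot: the `' '.join(...)` on the first line of this hunk stores the ACL as one space-separated string, so if `_ae_to_string` ever emits an entry containing a space (for example a two-word `ae_who_name`), the stored value can no longer be split back into entries unambiguously. The `rc_acl != s['share_acl']` check is also an exact string comparison, so the same entries in a different order count as a discrepancy and trigger a database update. Consider storing the entries as a list, or with a separator that cannot occur inside an entry, and comparing a normalized form.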
debug('updating stored ACL on %s to %s', s['name'], rc_acl)
* Make smb plugin aware of share acls

smb.sharesec.getacl - returns ACL of share specified as argument 1.

smb.sharesec.setacl - sets an ACL on a share (both in share_info.tdb and cifs_share_acl).

smb.sharesec.synchronize_acls - writes the ACLs backed up in cifs_share_acl to share_info.tdb if share_info.tdb is empty. This can happen if boot device fails or post-upgrade. Otherwise, this call will update the database with the ACL stored in share_info.tdb if there is a discrepancy between the two. Preference is given to the running copy of share_info.tdb because it may be modified by SMB clients.
This ACL is stored in /var/db/samba4/share_info.tdb, and is used by many users to control share visibility in browse lists with the parameter "access based share enumeration". Make middleware aware of its presence and set up periodic task to synchronize the share ACL information with the freenas configuration database (if needed).