Ubuntu 18.04 samba/samb-vfs-module not compiled/built --with-acl-support or zfsacl vfs module

Bug #1788776 reported by invtrasys
32
This bug affects 6 people
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Triaged
Wishlist
Unassigned

Bug Description

According to Samba4 documentation, there is a vfs module that is supposed to work hand in hand with zfs, called zfsacl. The documentation for this (for 4.7.6) can be found listed here: https://www.samba.org/samba/docs/4.7/man-html/vfs_zfsacl.8.html

However, when attempting to use the zfsacl vfs module in a smb.conf file like so:
[storage]
    path = "/mnt/zfs_pool/storage"
    printable = no
    veto files = /.snapshot/.windows/.mac/.zfs/
    writeable = yes
    browseable = yes
    access based share enum = no
    recycle:repository = .recycle/%U
    recycle:keeptree = yes
    recycle:versions = yes
    recycle:touch = yes
    recycle:directory_mode = 0777
    recycle:subdir_mode = 0700
    vfs objects = streams_xattr recycle zfsacl
    hide dot files = no
    guest ok = no
    nfs4:mode = special
    nfs4:acedup = merge
    nfs4:chown = yes

Samba will start the service fine, but then reports the following in log.smbd when attempting to access the share:
$ tail -f /var/log/samba/log.smbd
[2018/08/23 17:33:08.065547, 0] ../source3/smbd/service.c:623(make_connection_snum)
  vfs_init failed for service storage
[2018/08/23 17:33:08.065887, 0] ../lib/util/modules.c:49(load_module)
  Error loading module '/usr/lib/x86_64-linux-gnu/samba/vfs/zfsacl.so': /usr/lib/x86_64-linux-gnu/samba/vfs/zfsacl.so: cannot open shared object file: No such file or directory
[2018/08/23 17:33:08.065899, 0] ../source3/smbd/vfs.c:184(vfs_init_custom)
  error probing vfs module 'zfsacl': NT_STATUS_UNSUCCESSFUL
[2018/08/23 17:33:08.065905, 0] ../source3/smbd/vfs.c:379(smbd_vfs_init)
  smbd_vfs_init: vfs_init_custom failed for zfsacl
[2018/08/23 17:33:08.065911, 0] ../source3/smbd/service.c:623(make_connection_snum)
  vfs_init failed for service storage

I have the following packages installed (in reference to both zfs and samba4):
~$ sudo dpkg -l | grep -i samba && sudo dpkg -l | grep -i zfs
ii libwbclient0:amd64 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 amd64 Samba winbind client library
ii python-samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 amd64 Python bindings for Samba
ii samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 amd64 SMB/CIFS file, print, and login server for Unix
ii samba-common 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 all common files used by both the Samba server and client
ii samba-common-bin 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 amd64 Samba common files used by both the server and the client
ii samba-dev 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 amd64 tools for extending Samba
ii samba-dsdb-modules 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 amd64 Samba Directory Services Database
ii samba-libs:amd64 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 amd64 Samba core libraries
ii samba-vfs-modules 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 amd64 Samba Virtual FileSystem plugins
ii libzfs2linux 0.7.5-1ubuntu16.3 amd64 OpenZFS filesystem library for Linux
ii libzpool2linux 0.7.5-1ubuntu16.3 amd64 OpenZFS pool library for Linux
ii zfs-zed 0.7.5-1ubuntu16.3 amd64 OpenZFS Event Daemon
ii zfsutils-linux 0.7.5-1ubuntu16.3 amd64 command-line tools to manage OpenZFS filesystems

When looking in that folder, we have the following list of packages:
~$ ls -al /usr/lib/x86_64-linux-gnu/samba/vfs/
total 1148
drwxr-xr-x 2 root root 4096 Aug 20 21:44 .
drwxr-xr-x 9 root root 12288 Aug 23 02:07 ..
-rw-r--r-- 1 root root 39736 Aug 6 11:30 acl_tdb.so
-rw-r--r-- 1 root root 35640 Aug 6 11:30 acl_xattr.so
-rw-r--r-- 1 root root 27376 Aug 6 11:30 aio_fork.so
-rw-r--r-- 1 root root 15088 Aug 6 11:30 aio_pthread.so
-rw-r--r-- 1 root root 15160 Aug 6 11:30 audit.so
-rw-r--r-- 1 root root 27376 Aug 6 11:30 btrfs.so
-rw-r--r-- 1 root root 31472 Aug 6 11:30 cap.so
-rw-r--r-- 1 root root 56048 Aug 6 11:30 catia.so
-rw-r--r-- 1 root root 51952 Aug 6 11:30 ceph.so
-rw-r--r-- 1 root root 15088 Aug 6 11:30 commit.so
-rw-r--r-- 1 root root 10992 Aug 6 11:30 crossrename.so
-rw-r--r-- 1 root root 6896 Aug 6 11:30 default_quota.so
-rw-r--r-- 1 root root 10992 Aug 6 11:30 dfs_samba4.so
-rw-r--r-- 1 root root 15088 Aug 6 11:30 dirsort.so
-rw-r--r-- 1 root root 10992 Aug 6 11:30 expand_msdfs.so
-rw-r--r-- 1 root root 19256 Aug 6 11:30 extd_audit.so
-rw-r--r-- 1 root root 6896 Aug 6 11:30 fake_perms.so
-rw-r--r-- 1 root root 10992 Aug 6 11:30 fileid.so
-rw-r--r-- 1 root root 105272 Aug 6 11:30 fruit.so
-rw-r--r-- 1 root root 56120 Aug 6 11:30 full_audit.so
-rw-r--r-- 1 root root 10992 Aug 6 11:30 linux_xfs_sgid.so
-rw-r--r-- 1 root root 47856 Aug 6 11:30 media_harmony.so
-rw-r--r-- 1 root root 15088 Aug 6 11:30 netatalk.so
-rw-r--r-- 1 root root 6896 Aug 6 11:30 offline.so
-rw-r--r-- 1 root root 19184 Aug 6 11:30 posix_eadb.so
-rw-r--r-- 1 root root 15088 Aug 6 11:30 preopen.so
-rw-r--r-- 1 root root 10992 Aug 6 11:30 readahead.so
-rw-r--r-- 1 root root 23352 Aug 6 11:30 readonly.so
-rw-r--r-- 1 root root 23280 Aug 6 11:30 recycle.so
-rw-r--r-- 1 root root 68336 Aug 6 11:30 shadow_copy2.so
-rw-r--r-- 1 root root 15088 Aug 6 11:30 shadow_copy.so
-rw-r--r-- 1 root root 10992 Aug 6 11:30 shell_snap.so
-rw-r--r-- 1 root root 56120 Aug 6 11:30 snapper.so
-rw-r--r-- 1 root root 27376 Aug 6 11:30 streams_depot.so
-rw-r--r-- 1 root root 39664 Aug 6 11:30 streams_xattr.so
-rw-r--r-- 1 root root 15088 Aug 6 11:30 syncops.so
-rw-r--r-- 1 root root 56048 Aug 6 11:30 time_audit.so
-rw-r--r-- 1 root root 47928 Aug 6 11:30 unityed_media.so
-rw-r--r-- 1 root root 6896 Aug 6 11:30 worm.so
-rw-r--r-- 1 root root 23280 Aug 6 11:30 xattr_tdb.so'

Running testparm doesn't mention any errors though:
~$ sudo testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[storage]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
        allow insecure wide links = Yes
        deadtime = 15
        disable spoolss = Yes
        dns proxy = No
        dos charset = CP437
        hostname lookups = Yes
        kernel change notify = No
        lm announce = Yes
        load printers = No
        logging = file
        map to guest = Bad User
        max log size = 51200
        max open files = 1030997
        netbios aliases = NAS
        obey pam restrictions = Yes
        printcap name = /dev/null
        security = USER
        server role = standalone server
        server string = nas
        time server = Yes
        fruit:time machine = yes
        fruit:aapl = yes
        fruit:advertize_fullsync = true
        fruit:model = MacPro
        idmap config *: range = 90000001-100000000
        idmap config * : backend = tdb
        acl allow execute always = Yes
        create mask = 0666
        directory mask = 0777
        directory name cache size = 0
        dos filemode = Yes
        ea support = Yes
        printing = bsd
        store dos attributes = Yes
        strict locking = No

[homes]
        browseable = No
        comment = Home Directories
        path = "/mnt/zfs_pool/home/%U"
        read only = No
        valid users = %U
        veto files = /.snapshot/.windows/.mac/.zfs/
        vfs objects = shadow_copy2 streams_xattr recycle
        wide links = Yes
        nfs4:chown = true
        nfs4:acedup = merge
        nfs4:mode = special
        shadow:snapdirseverywhere = yes
        shadow:format = auto-%Y%m%d.%H%M-2w
        shadow:localtime = yes
        shadow:sort = desc
        shadow:snapdir = .zfs/snapshot
        recycle:subdir_mode = 0700
        recycle:directory_mode = 0777
        recycle:touch = yes
        recycle:versions = yes
        recycle:keeptree = yes
        recycle:repository = .recycle/%U

[storage]
        hide dot files = No
        path = "/mnt/zfs_pool/storage"
        read only = No
        veto files = /.snapshot/.windows/.mac/.zfs/
        vfs objects = streams_xattr recycle zfsacl
        nfs4:chown = true
        nfs4:acedup = merge
        nfs4:mode = special
        recycle:subdir_mode = 0700
        recycle:directory_mode = 0777
        recycle:touch = yes
        recycle:versions = yes
        recycle:keeptree = yes
        recycle:repository = .recycle/%U

samba daemon build information:
~$ sudo smbd -b | grep -A 15 -i options
[omit some other lines trying to grab the relevant information]
--with Options:
   WITH_ADS
   WITH_AUTOMOUNT
   WITH_AVAHI_SUPPORT
   WITH_DNS_UPDATES
   WITH_PAM
   WITH_PAM_MODULES
   WITH_PTHREADPOOL
   WITH_QUOTAS
   WITH_SENDFILE
   WITH_SYSLOG
   WITH_WINBIND
[omit past lines that are related to other options in the build]

The additional requirements required for filing a bug
~$ lsb_release -rd
Description: Ubuntu 18.04.1 LTS
Release: 18.04

~$ apt-cache policy samba samba-vfs-modules
samba:
  Installed: 2:4.7.6+dfsg~ubuntu-0ubuntu2.2
  Candidate: 2:4.7.6+dfsg~ubuntu-0ubuntu2.2
  Version table:
 *** 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 500
        500 http://archive.ubuntu.com/ubuntu bionic-security/main amd64 Packages
        500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2:4.7.6+dfsg~ubuntu-0ubuntu2 500
        500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages
samba-vfs-modules:
  Installed: 2:4.7.6+dfsg~ubuntu-0ubuntu2.2
  Candidate: 2:4.7.6+dfsg~ubuntu-0ubuntu2.2
  Version table:
 *** 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 500
        500 http://archive.ubuntu.com/ubuntu bionic-security/main amd64 Packages
        500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2:4.7.6+dfsg~ubuntu-0ubuntu2 500
        500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages

Whats happening:
See the above explanation and logs

Expectation:
I am not sure whether to file this against samba or samba-vfs-modules (as it is a two part bug which I am beginning to believe works hand in hand (--with-acl-support not being enabled and the zfsacl module missing). What I was expecting to happen, was that a zfsacl module would exist and the share would be accessible without issue. I have been doing some research into this for a few days, and this is the only conclusion I can come to.

Some additional resources (chat logs):

Conversation in #samba
<caliculk> Hello, I just wanted to double check, but, I have been having issues locating the zfsacl vfs option. https://ubuntuforums.org/showthread.php?t=2399285 when I try to use the zfsacl vfs option, I experience issues with Ubuntu 18.04 Samba Version 4.7.6 not being able to find the kernel module, even though from the docs I have read, it should be available in that version. Is there some other way to install zfsacl vfs module?
<caliculk> Or I guess a better question, why is the --with-acl-support default to no?
<abartlet> it doesn't
<abartlet> --with-acl-support
<abartlet> Build with acl-support support (default=yes)
<caliculk> https://wiki.samba.org/index.php/Build-time_configuration_options#--with-acl-support
<caliculk> That says it defaults to no
<caliculk> If I check samba 4.7.6 using smbd -b I don't have acl support there.
<caliculk> Under the "--with Options:"
<abartlet> caliculk: wikis are often wrong
<abartlet> feel free to fix
<caliculk> They may be often wrong, but, thats all I have to go off of as to trying to figure out why I can't find the stupid zfsacl vfs module on this samba installation. :/
<caliculk> Because otherwise: ~$ sudo smbd -b | grep -i zfs
<caliculk> ~$
<caliculk> And I have "ii samba-vfs-modules 2:4.7.6+dfsg~ubuntu-0ubuntu2.2 amd64 Samba Virtual FileSystem plugins
<caliculk> " installed
<abartlet> ok, wiki page fixed (deleted)
<abartlet> sorry, got to get back to work
<caliculk> No worries, if you wouldn't mind helping when you do you have some free time even in the form of some suggestions on where to find the zfsacl vfs module, it would be much appreciated.

Conversation in #ubuntu-server
<caliculk> Hey everyone, I was looking to see if anyone had any information on if zfsacl module is being withheld in the samba package, as according to the samba docs, it should be included in 4.7.6 but it doesn't appear to be the case when trying to use it as a vfs option.
<caliculk> For reference, I am referring to this: https://ubuntuforums.org/showthread.php?t=2399285
<ahasenack> caliculk: hi, I don't remember it being excluded on purpose
<ahasenack> --with-shared-modules=idmap_rid,idmap_ad,idmap_adex,idmap_hash,idmap_ldap,idmap_tdb2,vfs_dfs_samba4,auth_samba4 \
<caliculk> ahasenack, is there any way (besides building from source) to possibly add it back in?
<caliculk> otherwise, ill open up a bug ticket because something is off
<ahasenack> I think a bug is in order
<ahasenack> and probably a debian one as well
<ahasenack> as we take the samba package mostly from them, just adding some touches
<ahasenack> I did a quick search in their bug database, and found nothing about zfs in the samba package
<ahasenack> caliculk: can you elaborate on what starts working once this module is in place?
<ahasenack> it's best to elaborate in the bug, though
<sarnold> ahasenack: zfs doesn't use the posix-ish acls that most of linux uses, they use the nfsv4 acls instead
<sarnold> ahasenack: this module looks like it's a way for samba to use the nfsv4 acls on zfs backed storage rather than the posix acls that might have worked elsewhere

invtrasys (invtrasys)
description: updated
Revision history for this message
invtrasys (invtrasys) wrote :

Also, just to clarify, the benefit of this package is that Samba would be able to provide proper Windows ACL/Permission Sets for ZFS. Since ZFS uses NFSv4 permission types.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Marking as wishlist since it's a new feature for a stable release.

Changed in samba (Ubuntu):
importance: Undecided → Wishlist
status: New → Triaged
Revision history for this message
Garrett Fields (fields-g) wrote :

ZFS does not, as of this comment, have nfs4acl support under Linux. It is REALLY close. https://github.com/zfsonlinux/zfs/pull/7728 This pull request is mature and just missing test cases for the zfsonlinux build bots.

I found this bug report after building ZOL with this pull code and running into the same issues. Going forward, I also ask for Samba to be built ready to support zfsacl.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Hi,
I'm coming by old cases trying to ensure we can re-assess those which are unblocked by now.
https://github.com/openzfs/zfs/pull/7728
later became
https://github.com/openzfs/zfs/pull/9709

Which also didn't land yet.
Therefore the prerequisite to make this really useful isn't ready yet (even 3 years later) :-/

On the positive side, some zfs forks have picked it up and there was a statement that main-zfs wants to consume it as well.
But then - this dependency tail is endless - they are stating that the kernel work isn't acceptable by upstream.

From there you then find the newest being:
https://github.com/openzfs/zfs/pull/13186

Which is active and ongoing, so maybe this lands in zfs soon'ish and once available there then makes sense to reconsider enabling in our samba builds.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.