When I mount CIFS share with vers=1.0
I can perform getcifsacl
sucessfully.
# mount -t cifs //example.com/Users/milo /mnt/cifs -o vers=1.0
# getcifsacl /mnt/cifs/file.png
REVISION:0x1
CONTROL:0x8504
OWNER:S-1-5-21-1111111111-222222222-33333333-11824
GROUP:S-1-5-21-1111111111-222222222-33333333-513
ACL:S-1-5-21-1111111111-222222222-33333333-11824:ALLOWED/I/FULL
ACL:S-1-5-21-1111111111-222222222-33333333-3200:ALLOWED/I/FULL
ACL:NT Authority\SYSTEM:ALLOWED/I/FULL
But when I mount with vers=2.0
, or 2.1
, or 3.0
, ACL reading fails.
getxattr error: 95
REVISION:0x0
CONTROL:0x0
OS is Debian Stretch (9.6), cifs-utils package 2:6.7-1. CIFS share is from Nettapp data store. Mounts from Windows XP, 8, 10 works fine.
Why getcifsacl
depends on SMB protocol version? Can I read ACL via newer SMB protocol?
Best Answer
To get it work, one need newer kernel and newer cifs-utils.
Reading an ACL by
getcifsacl
and setting it bysetcifsacl
with mount versions 2.0, 2.1 or 3.0 works well with kernel4.19.0-0.bpo.1-amd64
(backport for Debian Strech) and cifs-utils versioncifs-utils-6.8
(git tag). All utils work with kernel 4.20.4 too.I received solution hints in samba-technical mailing list: https://lists.samba.org/archive/samba-technical/2019-January/132176.html