Can I retrieve ACLs from Windows share with getfacl or only smbcacl?
Hi,
I have a RHEL 5 server and Windows Server 2003 used for storage. Both are joined to a Windows Server 2003 Active Directory domain with Identity Management for Unix (MSIMU) installed.
A Windows share from the W2k3 Server is mounted on the RHEL 5 server via cifs, and am trying to determine the best way to retrieve and modify Windows ACLs of files on the storage server from the RHEL server.
I am able to retrieve, set, and modify Windows ACL permissions for specific files on the Windows server using the 'smbcacls' command; however, this command is somewhat inefficient and I am wondering if it would be possible to use the "getfacl" and "setfacl" commands instead to retrieve the Windows ACLs. So far I have not been able to make this work, so I wonder if it is simply a limitation, or if perhaps recompiling the cifs.ko module with "ACL support" might yield different results (suggest by RedHat, although I'm not sure I believe this will solve anything).
From what I understand, get/setfacl is designed for retrieving POSIX ACLs from local file systems (such as EXT3) and from Samba shares, i.e. from another Linux file server. So while get/setfacl supposedly will work for Linux smb file systems, they will not work for setting acls on a Windows share. Moving our Windows server to Linux is not an option.
Has anyone been able to make a scenario like this work, or is 'smbcacls' my only hope?
|