Current-Users archive


Re: Branching for netbsd-10 next week



Hello Robert,

On 09.12.22 at 08:55, Robert Elz wrote:
   |     - packets from pkgsrc (like samba) will continue to have the
   |	  corresponding options disabled by default

Those packages could have warnings in DESCR and MESSAGE (or whatever it
is called) advising of the need for FFSv2ea for full functionality.
How does samba (and anything else like it) deal with this - if it is
a compile time option, then since NetBSD supports EAs (and hence the
sys call interface exists) EA support in samba should be enabled.
More likely it is to be a run time problem, as whether a filesys has
EA support or not will vary, some might, others not, so whether samba
can provide EA functionality will tend to vary file by file (or at least
directory by directory) - given that, a solid warning that FFSv2ea support
is needed in the samba man page (or other doc) for NetBSD should allow
users to know what to do.

That's right - on NetBSD 10, the necessary library functions for managing ACLs are available and linked to Samba at compile time. This currently has to be enabled manually via the acl compile option - I've had this in my custom builds for a few months now.

A Samba version compiled this way works in standalone mode even without an ACL-capable file system. Error messages about the missing ACL support of the operating system only occur when it is supposed to be used as an Active Directory Domain Controller. The first place where this usually occurs is when you initialize the structures for the AD in the file system with "samba-tool domain provision" (mainly affects the directory sysvol).

I therefore agree with you - a corresponding note in the MESSAGE would be sufficient. Especially since even on a system without EA/ACL on the root file system, for example, a separate partition for the sysvol can be mounted with ACLs. This is how I have currently implemented this on my domain controllers - primarily for historical reasons and in order not to expose the root file system to the risks of the "fresh" EA implementation that still existed at that time.

Kind regards
Matthias
