Bug #15783

client: enable acls by default

Added by Eric Eastman over 6 years ago. Updated over 1 year ago.

Target version:
% Done:


Community (user)
3 - minor
Affected Versions:
Labels (FS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):


I found while doing some SAMBA testing using Jewel on both a kernel mounted and fuse mounted Ceph File system that ACLs cannot be set on directories on the fuse mounted Ceph file system. SAMBA gave the following error in the smbd log file, with log level = 20 when I tried to add an additional user to have access to a directory:

2016/05/07 23:41:19.213997, 10, pid=2823630, effective(2000501,2000514), real(2000501, 0)]../source3/modules/vfs_posixacl.c:92(posixacl_sys_acl_set_file)  Calling acl_set_file: New folder (4), 0 [2016/05/07 23:41:19.214170, 10, pid=2823630, effective(2000501,2000514),real(2000501, 0)]../source3/modules/vfs_posixacl.c:111 (posixacl_sys_acl_set_file)  acl_set_file failed: Operation not supported

This same SAMBA test works without errors on the same Ceph file system if it is kernel mounted.

A simple test of setting an ACL from the command line to a fuse mounted Ceph file system also fails:

# mkdir /cephfsFUSE/x
# setfacl -m d:o:rw /cephfsFUSE/x
setfacl: /cephfsFUSE/x: Operation not supported

The same test to the same Ceph file system using the kernel mount method works.

This was first reported on the ceph-user email list:

Test setup info:
ceph -v
ceph version 10.2.0 (3a9fba20ec743699b69bd0181dd6c54dc01c64b9)

Ubuntu version is 14.04 with the 4.6rc4 PPA kernel:
uname -a
Linux ede-c1-gw04 4.6.0-040600rc4-generic #201604172330 SMP Mon Apr 18 03:32:32 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

Samba version 4.4.2

Ceph file system mount info:
grep ceph /proc/mounts,, /cephfs ceph rw,noatime,name=cephfs,secret=<hidden>,acl 0 0
ceph-fuse /cephfsFUSE fuse.ceph-fuse rw,noatime,user_id=0,group_id=0,default_permissions,allow_other 0 0

I put instructions on how I built SAMBA, the smb.conf file, /etc/fstab, and the ceph.conf file in pastebin at:


#1 Updated by Zheng Yan over 6 years ago

  • Status changed from New to 4

To enable ACL support, you need to add "--fuse_default_permission=0 --client_acl_type=posix_acl" options to ceph-fuse.

#2 Updated by Greg Farnum over 6 years ago

Is there some reason we shouldn't make those the default behaviors at this point?

#3 Updated by Greg Farnum about 6 years ago

  • Category set to Administration/Usability
  • Assignee set to Zheng Yan


#4 Updated by Patrick Donnelly over 4 years ago

  • Subject changed from Cannot set ACLs on FUSE mounted ceph file to client: enable acls by default
  • Assignee changed from Zheng Yan to Patrick Donnelly
  • Target version set to v13.0.0
  • Component(FS) Client added

#5 Updated by Patrick Donnelly over 4 years ago

  • Priority changed from Normal to Urgent
  • Target version changed from v13.0.0 to v14.0.0

#6 Updated by Patrick Donnelly about 4 years ago

  • Status changed from 4 to New

#7 Updated by Patrick Donnelly over 3 years ago

  • Assignee changed from Patrick Donnelly to Rishabh Dave

#8 Updated by Patrick Donnelly over 3 years ago

  • Status changed from New to In Progress
  • Priority changed from Urgent to Normal
  • Target version changed from v14.0.0 to v15.0.0
  • Start date deleted (05/09/2016)

#9 Updated by Patrick Donnelly over 2 years ago

  • Target version deleted (v15.0.0)

#10 Updated by Rishabh Dave over 1 year ago

  • Status changed from In Progress to New

Also available in: Atom PDF