Reshare Samba Mount?

Well,
first things first. Are you able to allow ACL on the network volume?

Not trying to hijack this thread... but.... Is it possible even without ACLs? This would answer some of my questions. Again, not trying to hijack.

OK, this should help - you need to reshare the folder using NFS instead of SMB/CIFS.

First off, re-sharing a volume that uses the smb filesystem is not possible due to the way permissions are calculated for that volume. Regardless of the local filesystem of the volume that houses the share point on your Linux server (ext3 or whatever), that share point's filesystem as it appears to all clients, including your Mac OS X Server computer when it connects as a client, is the smb filesystem. Since that's a network filesystem already, some types of information cannot be "appended" to it. AFP and SMB/CIFS filesystems, when mounted via Go/Connect to Server (or mount_smbfs) will use a set of masked POSIX permissions. (This means that, if you're logged into the server as a local admin - locadmin, for example - and you mount the SMB share point as Sally, then locadmin is the owner of the mount point and its enclosed files. The currently-authenticated user is granted the permissions assigned to the user account used to connect. Hence, permissions masking. This happens in every instance when mounting a volume via SMB/CIFS. It happens when connecting to an AFP share point except when the client is bound to a shared directory system, where the user name authenticated at the login window matches the account used to connect to the share point.)

One of the reasons that you can reshare an NFS volume is that you can tell the other server - your Linux box - to map the connection coming from your Mac OS X Server box to a user with read & write permissions to the NFS export (share point), usually the owner. In this way, any commands sent by Mac OS X are issued as the owner of the NFS export, according to the Linux system's point of view. The main difference here is that, since the mapping is defined on the Linux box's system, Mac OS X does not employ its own permissions masking.

Even so, you may or may not be able to enable ACLs on the NFS mount. You can try issuing sudo fsaclctl -e -a to enable ACLs on all volumes that support them. If you define a local folder as the mount point and use mount_nfs to mount the NFS export from your Linux box, you may be able to use ACLs on it.

Consult your Linux box's directions for creating an NFS export. Most Linux and UNIX systems support standard NFS, so the challenge would be finding directions for your particular system. Since NFS defines permission masking on the server side, there's no "name/password" authentication going on when you connect on your Mac OS X Server system. Instead, when defining the NFS export, you'll tell the Linux system from which IP address the server will be connecting and what kind of mapping to use ("all users to root" would be necessary if you want the Mac OS X Server box to control access). For security reasons, it would be best to isolate the network that connects your Linux box and Mac OS X Server system. Consider using a second Ethernet port in your Mac OS X Server system with a unique private addressing scheme, and construct a two-computer network consisting of just the two servers.

--Gerrit