search

cifsd-team / ksmbd

ksmbd kernel server(SMB/CIFS server)
151 stars 23 forks source link

Migrating from NFS, no symlink support? #562

Open arter97 opened 2 years ago

arter97 commented 2 years ago

Hi, everyone.

I'm currently looking into deploying ksmbd to replace NFS to see if it improves performance for my workload.

The workload I'm mainly concerned about involves running a lot of parallel processes (16-128) to randomly access Git objects (on NVMe drive), NFS quickly gets bounded by CPU, instead of I/O or network. I'll share the performance results if I get it all setup properly.

The main issue I'm having currently is the symlink support.

I'm looking into replacing NFS with ksmbd, so I don't have to worry about Windows/dos compatibility, and I cannot compare it with a Samba setup as it doesn't seem to support POSIX extensions properly yet (!).

The host file-system is ZFS, but that shouldn't matter.

Here's the smb.conf file used by ksmbd:

[global]
    server min protocol = SMB3_11
    bind interfaces only = yes
    interfaces = enp218s0f0
    smb3 encryption = no

[mirror]
    path = /zfs
    guest ok = yes
    read only = yes
    browseable = no
    store dos attributes = no
    force user = root
    force group = root
    hide dot files = no
    vfs objects = acl_xattr streams_xattr

Mount command: mount -t cifs -o guest,nobrl,ro,cache=loose,linux,setuids,perm,cifsacl,locallease //10.150.21.10/mirror /tmp/smb

Symbolic links are replaced with unreadable 777 files:

root@arter97-x1:/tmp/smb/mirror# ll
total 37
drwxr-xr-x 8 root    root     9 Jun 21 14:56 ./
drwxr-xr-x 7 root    root     7 Jun 21 00:00 ../
drwxr-xr-x 4 arter97 arter97  4 Jan 11 16:37 aosp/
drwxr-xr-x 2 root    root     2 Jan 11 16:34 caf/
drwxr-xr-x 2 root    root     2 Jan 11 16:34 kernel/
drwxr-xr-x 7 root    root    12 Jun 17 19:37 pa_gms/
drwxr-xr-x 2 root    root     2 Jan 11 16:34 qssi/
drwxr-xr-x 7 root    root    12 Jun 12 04:52 sdclang/
-rwxrwxrwx 1 root    root     4 Jun 21 14:56 test*
root@arter97-x1:/tmp/smb/mirror# cat test
cat: test: Permission denied
root@arter97-x1:/tmp/smb/mirror# file test
test: cannot open `test' (Permission denied)

On the host machine, "test" is a symlink to "qssi":

root@arter97-x1:/zfs/mirror# ll
total 37
drwxr-xr-x 8 arter97 arter97  9 Jun 21 05:56 ./
drwxr-xr-x 7 root    root     7 Jun 20 15:00 ../
drwxr-xr-x 4 arter97 arter97  4 Jan 11 07:37 aosp/
drwxr-xr-x 2 root    root     2 Jan 11 07:34 caf/
drwxr-xr-x 2 root    root     2 Jan 11 07:34 kernel/
drwxr-xr-x 7 root    root    12 Jun 17 10:37 pa_gms/
drwxr-xr-x 2 root    root     2 Jan 11 07:34 qssi/
drwxr-xr-x 7 root    root    12 Jun 11 19:52 sdclang/
lrwxrwxrwx 1 root    root     4 Jun 21 05:56 test -> qssi/

I was looking forward to deploying ksmbd for a long time, but we need this to be resolved to deploy properly.

Is this a protocol limitation? (A major bummer, if so)

Thanks.

namjaejeon commented 2 years ago

Early versions of ksmbd supported symlinks(read-only). While upstream ksmbd, I have got an opinion from the samba team that symlinks is very vulnerable to security issues and that it is better to remove them and not support them. And for full compatibility between Linux and Windows, symlinks must be re-implemented using SMB reparse points. First, I need the time to start working it.

alexmyczko commented 4 months ago

I wanted to use and share https://sbgrid.org/ with ksmbd for macOS. It is full of symlinks and when trying to access it is permission denied.