Hacker News new | past | comments | ask | show | jobs | submit login

If you setup SMB right (TrueNAS configures this out of the box, SCALE is great if you need a Linux NAS), you can use Windows Shadow Copies to access ZFS snapshots and browse or restore file contents from them.



Also possible with BTRFS. I set this up once for a small business with hourly snapshots during working hours. This way users could just restore older versions of files they accidentally deleted, overwrote or messed up in some other way. Another benefit: Those snapshots were read-only, so they also served as a protection against ransomware.


I don't think BTRFS supports NFSv4 ACLs yet (ie, Windows ACLs are natively supported on ZFS, there is patchset so Linux also supports it but BTRFS obviously has no integration for a patchset that only exists for ZFS).

Having NFSv4 ACL access is a huge plus since you can configure permissions natively from windows and have them enforced even on the shell.


Not sure how Synology implemented it, but they do support Windows ACLs on btrfs volumes.


They likely use XATTRs to store the ACL (that is an option in Samba), but it's not native like it's on the TrueNAS systems with the kernel. I bet if you log into the Syno's via SSH you don't get the ACLs enforced on the shell. With the NFSv4 ACL patchseries, they would and you could benefit from the better options that the NFSv4 ACLs give you.

Storing them in metadata is not the same as having them natively.


They maintain their own kernel module to handle ACLs (synoacl_vfs) and they are indeed enforced locally as well. They can be read and modified by using the `synoacltool` cli.

  $ synoacltool -get .config
  ACL version: 1 
  Archive: is_inherit,is_support_ACL 
  Owner: [semiotic(user)] 
  --------------------- 
   [0] user:semiotic:allow:rwxp-DaARWc--:fd-- (level:1)
   [1] group:users:allow:r-x---a-R-c--:fd-- (level:1)


Is that kernel module open source? One of the advantages of what TrueNAS did is that I can patch it into my own kernels if I'd need to. Plus being compatible to the NFSv4 ACL binary format, so it works via NFS too. Also handling Active Directory would be important there.


Not sure about the module being open-source, but running custom kernels is not really a thing on Synology. They seem to integrate SoC BSPs into kernels for each specific model, and they do not seem to port them across versions. Different models use different kernel versions in the same DSM (Synology distro) version.

The ACLs do work via NFS and it also works with Active Directory. They ship an AD implementation too, if you are interested in that (it is actually Samba in AD mode).


Well, TrueNAS Scale isn't exactly designed to be run on a SoC, it's more of a normal linux distro for NAS/SAN Servers. Hence most of it is open source and there is active upstreaming efforts. Plus the entire ACL thing is native to ZFS already, it's just the glue layer that's missing in Linux. For Linux it's presented in an XAttr for compatibility, for Solaris it's part of the proper permission bit fields.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: