Migrating from NFS, no symlink support?

[arter97]

Hi, everyone.

I'm currently looking into deploying ksmbd to replace NFS to see if it improves performance for my workload.

The workload I'm mainly concerned about involves running a lot of parallel processes (16-128) to randomly access Git objects (on NVMe drive), NFS quickly gets bounded by CPU, instead of I/O or network. I'll share the performance results if I get it all setup properly.

The main issue I'm having currently is the symlink support.

I'm looking into replacing NFS with ksmbd, so I don't have to worry about Windows/dos compatibility, and I cannot compare it with a Samba setup as it doesn't seem to support POSIX extensions properly yet (!).

The host file-system is ZFS, but that shouldn't matter.

Here's the smb.conf file used by ksmbd:

[global]
	server min protocol = SMB3_11
	bind interfaces only = yes
	interfaces = enp218s0f0
	smb3 encryption = no

[mirror]
	path = /zfs
	guest ok = yes
	read only = yes
	browseable = no
	store dos attributes = no
	force user = root
	force group = root
	hide dot files = no
	vfs objects = acl_xattr streams_xattr

Mount command:
mount -t cifs -o guest,nobrl,ro,cache=loose,linux,setuids,perm,cifsacl,locallease //10.150.21.10/mirror /tmp/smb

Symbolic links are replaced with unreadable 777 files:

root@arter97-x1:/tmp/smb/mirror# ll
total 37
drwxr-xr-x 8 root    root     9 Jun 21 14:56 ./
drwxr-xr-x 7 root    root     7 Jun 21 00:00 ../
drwxr-xr-x 4 arter97 arter97  4 Jan 11 16:37 aosp/
drwxr-xr-x 2 root    root     2 Jan 11 16:34 caf/
drwxr-xr-x 2 root    root     2 Jan 11 16:34 kernel/
drwxr-xr-x 7 root    root    12 Jun 17 19:37 pa_gms/
drwxr-xr-x 2 root    root     2 Jan 11 16:34 qssi/
drwxr-xr-x 7 root    root    12 Jun 12 04:52 sdclang/
-rwxrwxrwx 1 root    root     4 Jun 21 14:56 test*
root@arter97-x1:/tmp/smb/mirror# cat test
cat: test: Permission denied
root@arter97-x1:/tmp/smb/mirror# file test
test: cannot open `test' (Permission denied)

On the host machine, "test" is a symlink to "qssi":

root@arter97-x1:/zfs/mirror# ll
total 37
drwxr-xr-x 8 arter97 arter97  9 Jun 21 05:56 ./
drwxr-xr-x 7 root    root     7 Jun 20 15:00 ../
drwxr-xr-x 4 arter97 arter97  4 Jan 11 07:37 aosp/
drwxr-xr-x 2 root    root     2 Jan 11 07:34 caf/
drwxr-xr-x 2 root    root     2 Jan 11 07:34 kernel/
drwxr-xr-x 7 root    root    12 Jun 17 10:37 pa_gms/
drwxr-xr-x 2 root    root     2 Jan 11 07:34 qssi/
drwxr-xr-x 7 root    root    12 Jun 11 19:52 sdclang/
lrwxrwxrwx 1 root    root     4 Jun 21 05:56 test -> qssi/

I was looking forward to deploying ksmbd for a long time, but we need this to be resolved to deploy properly.

Is this a protocol limitation? (A major bummer, if so)

Thanks.

[namjaejeon]

Early versions of ksmbd supported symlinks(read-only). While upstream ksmbd, I have got an opinion from the samba team that symlinks is very vulnerable to security issues and that it is better to remove them and not support them. And for full compatibility between Linux and Windows, symlinks must be re-implemented using SMB reparse points. First, I need the time to start working it.

[alexmyczko]

I wanted to use and share https://sbgrid.org/ with ksmbd for macOS. It is full of symlinks and when trying to access it is permission denied.