[Samba] ZFS samba share not allowing ACL members access
maillists_samba at diversity.nl
maillists_samba at diversity.nl
Sun May 1 07:50:44 UTC 2022
I changed the subject to better reflect my problem.
I am running samba
#testparm --version
Version 4.13.13-Debian
#modinfo zfs | grep version
version: 2.1.2-pve1
srcversion: 0F243348A3846ED6C1A546D
vermagic: 5.13.19-6-pve SMP mod_unload modversions
samba-vfs-modules is already the newest version
(2:4.13.13+dfsg-1~deb11u3)
When setting in the globals section
vfs objects = zfsacl
shares are no longer available and when connecting I get
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
So the goal is to have samba shares allow access to users in the ACL
list on files and folders on ZFS
On 30-04-2022 14:03, Rowland Penny via samba wrote:
> On Sat, 2022-04-30 at 13:04 +0200, maillists_samba--- via samba wrote:
>> a possible important detail I forgot to mention is that the
>> filesystem
>> is ZFS. Does that matter?
>> Just to be complete in info I'll include extra info on how the
>> filesystem is set
>> * acltype=posixacl
>> * aclmode=discard
>> * aclinherit=discard
>
> Is this Freebsd ? If it is, then you require a different VFS module
> 'zfsacl' instead of 'acl_xattr'
>
> You may also need to install 'samba-vfs-modules' if it isn't already
> installed.
>
> You also need to set the ACL's on the share directory and allow
> everyone to get to the share directory.
>
> Rowland
On 11-04-2022 13:02, Rowland Penny via samba wrote:
> On Mon, 2022-04-11 at 12:30 +0200, maillists_samba--- via samba wrote:
>> How to allow the owner of a folder that is shared access to that
>> share?
>>
>> I have;
>>
>> Samba version 4.13.13-Debian
>>
>> # testparm -s
>> Load smb config files from /etc/samba/smb.conf
>> Loaded services file OK.
>> Weak crypto is allowed
>> Server role: ROLE_STANDALONE
>>
>> ----------
>> # Global parameters
>> [global]
>> log file = /var/log/samba/log.%m
>> logging = file
>> map to guest = Bad User
>> max log size = 1000
>> obey pam restrictions = Yes
>> pam password change = Yes
>> panic action = /usr/share/samba/panic-action %d
>> passwd chat = *Enter\snew\s*\spassword:* %n\n
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>> passwd program = /usr/bin/passwd %u
>> server role = standalone server
>> unix password sync = Yes
>> usershare allow guests = Yes
>> idmap config * : backend = tdb
>>
>> [proxmox-trx40]
>> comment = Aiii
>> inherit permissions = Yes
>> path = /{redacted}/hypervisors/proxmox/trx40_1
>> read only = No
>> valid users = proxmox
>>
>> ----------
>>
>> ls -l /{redacted}/
>>
>> drwxrwx---+ 3 proxmox proxmox 3 Mar 24 18:04 hypervisors
>
> On the face of it, only 'proxmox' and members of the 'proxmox' group
> can enter the hypervisors directory, but notice the '+' on the end of
> the permissions, this means that you have extended ACLs set. However
> you are missing a parameter in the smb.conf global section.
>
> Add 'vfs objects = acl_xattr' to smb.conf, restart Samba and then read
> up on 'setfacl' and 'getfacl'.
>
> Rowland
More information about the samba
mailing list