[Samba] Listing behaviour in 4.18
Ilias Chasapakis forumZFD
chasapakis at forumZFD.de
Sun Feb 11 12:36:18 UTC 2024
In order to give a better overview of our setup:
We have samba ADs connected to separate ctdb cluster with nodes that
mount a glusterfs volume formed by a set of bricks. We use windows AD
manager to set permissions/inheritance etc. on files and dirs.
vfs objects is set to acl_xattr in global settings.
As I am not sure of which further information about the current setup
may help investigating this, I would be glad to have any feedback and
supply those.
Am 06.02.24 um 22:05 schrieb Andrew Bartlett via samba:
> So 4.18.10 has this fix of the bug as observed in that respect, but I
> think you are seeing a broader example of that issue.
> NFS4 in this context is not actual NFS, but a type of unix filesystem
> permission system closely modelled on NT ACLs, deployed in many
> filesystems Samba uses, as the translation is much more direct.
> But even without that, it may be we are seeing the same issues, say for
> looking up extended attributes for the dos attributes perhaps?
> Can you make a bugzilla report (I've given you an invite), referencing
> (see also) this bug?
> It won't guarantee a fix (see Samba commercial support for assured ways
> of getting that) bug will at least have it tracked.
> Andrew Bartlett
> On Tue, 2024-02-06 at 15:17 +0100, Ilias Chasapakis forumZFD via samba
> wrote:
>> Dear Rowland,
>> Thank you for your answer. We hoped that 4.18.10 that was recently
>> released would include some change on this regard, but unfortunately
>> not.
>> We are in a quite difficult position to explain this to users and
>> asking to whom creates a folder structure for first to create a text
>> file with the names of the folders for the colleagues to see, it is
>> really quite a workaround we would like to avoid as it adds useless
>> overhead to the process of applying for rights to a folder.
>> Is there any idea about something we can tweak in ACLs or in the
>> samba conf that could bring back the original behaviour of listing
>> for users that don´t have access? I.e. list the folder and just
>> produce the "access denied" message?(as mentioned in the initial
>> message access based share enum = no, hide unreadable = no are set
>> but did not apply. Do we miss something there or are those deprecated
>> anyway?)
>> BestIlias
>> Am 23.01.24 um 18:21 schrieb Rowland Penny via samba:
>>> On Tue, 23 Jan 2024 17:20:22 +0100Ilias Chasapakis forumZFD via
>>> samba <samba at lists.samba.org> wrote:
>>>> Dear all,
>>>> Passing from samba 4.17 to 4.18 we noticed a change in behaviour
>>>> infolder/files listing.
>>>> In 4.17 when someone had read and open rights for a folder but
>>>> nowrite/modify access then the folder would be visible but
>>>> clicking onany "non-accessible" resource resulted in a message
>>>> notifying that noaccess was granted.
>>>> Since 4.18 the folder is simply completely invisible. I don´ t
>>>> argueabout this being "correct" behaviour or not. It is just that
>>>> ourusers where just used to having the whole list and knowing
>>>> what is inthere (and eventually ask access to it to us or the
>>>> relevantdepartment that then forwards to us).
>>>> Is there a way to have that "old behaviour" back while still
>>>> usingsamba 4.18? We tried the options suggested in some forums
>>>> (accessbased share enum = no, hide unreadable = no) for the
>>>> sambaconfiguration to no avail. Is there actually some option or
>>>> any otherACL setting technique that can bring back that
>>>> behaviour?
>>> I wonder if you have run into the fall out from fixing bug 15093 ?
>>> https://bugzilla.samba.org/show_bug.cgi?id=15093
>>>
>>> I know that you haven't mentioned NFS, but it is the only thing
>>> that Ican think of that seems to have relevance.
>>> Rowland
>> -- forumZFDEntschieden für Frieden | Committed to Peace
>> Ilias ChasapakisReferent IT | IT Consultant
>> Forum Ziviler Friedensdienst e.V. | Forum Civil Peace ServiceAm
>> Kölner Brett 8 | 50825 Köln | Germany
>> Tel 0221 91273243 | Fax 0221 91273299 | http://www.forumZFD.de
>>
>> Vorstand nach § 26 BGB, einzelvertretungsberechtigt|Executive
>> Board:Alexander Mauz, Sonja Wiekenberg-Mlalandle, Jens von BargenVR
>> 17651 Amtsgericht Köln
>> Spenden|Donations: IBAN DE90 4306 0967 4103 7264 00 BIC GENODEM1GLS
--
forumZFD
Entschieden für Frieden | Committed to Peace
Ilias Chasapakis
Referent IT | IT Consultant
Forum Ziviler Friedensdienst e.V. | Forum Civil Peace Service
Am Kölner Brett 8 | 50825 Köln | Germany
Tel 0221 91273243 | Fax 0221 91273299 | http://www.forumZFD.de
Vorstand nach § 26 BGB, einzelvertretungsberechtigt|Executive Board:
Alexander Mauz, Sonja Wiekenberg-Mlalandle, Jens von Bargen
VR 17651 Amtsgericht Köln
Spenden|Donations: IBAN DE90 4306 0967 4103 7264 00 BIC GENODEM1GLS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20240211/4c7b4b49/OpenPGP_signature.sig>
More information about the samba
mailing list