Samba4 s3fs problem

Andrew Bartlett abartlet at samba.org
Thu May 10 20:58:19 MDT 2012 

On Thu, 2012-05-10 at 12:59 +0200, steve wrote:
> On 10/05/12 12:42, Andrew Bartlett wrote:
> > On Thu, 2012-05-10 at 11:18 +0200, steve wrote:
> >> Hi
> >> Every new file created under s3fs by any user has group ownership of
> >> 100. (maps to 'users' in Linux)
> >>
> >> Would it be possible to have the file that is created have group
> >> membership of the primary group of the user?
> >
> > This is the group that we map 'domain users' to by default.  Domain
> > Users is in turn also the default primaryGroupID value.
> >
> > I know you have been changing the primaryGroupID, so this might not hold
> > true for your site, but this is the first thing I would check.
> >
> > Andrew Bartlett
> >
> Hi Andrew
> 
> We have not changed any primaryGroupID but we have found out why the 
> group mappings were always 100
> 
> Domain Users has xid 100 in idmap.ldb. We changed that to what our 
> actual ginNumber and all was well. wbinfo -i and getent group gave the 
> same gidNumber and uidNumber
> 
> So I can see that rather than pull the gidNumber from the dn of the 
> group, s3fs now pulls it as the xid in idmapd.ldb.

Indeed, Samba 4.0 as an AD DC has always had this behaviour.  s3fs
maintains this critical behaviour in line with what the NTVFS server
does. 

> Anyway, all is now back to normal except we are experiencing many 
> problems getting a group rw share where members of a group create files 
> rw-rw. It seems that the posix acl to do this (which works on Linux 
> clients) is not understood by windows: only the owner of the file can 
> edit it even though it appears rwxrwx--x when created in windows. Under 
> Linux the file is correctly created according to the acl: rw-rw
> 
> Should setting a posix acl on the server be understood by windows?

It should be, unless an NT ACL has been set by Windows clients against
the NTVFS server, in which case that will overrule.

Have you tried changing the permissions via Windows?

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list