Samba4 s3fs problem
steve
steve at steve-ss.com
Fri May 11 01:27:48 MDT 2012
On 05/11/2012 04:58 AM, Andrew Bartlett wrote:
> On Thu, 2012-05-10 at 12:59 +0200, steve wrote:
>> On 10/05/12 12:42, Andrew Bartlett wrote:
>>> On Thu, 2012-05-10 at 11:18 +0200, steve wrote:
>>>> Hi
>>>> Every new file created under s3fs by any user has group ownership of
>>>> 100. (maps to 'users' in Linux)
>>>>
>>>> Would it be possible to have the file that is created have group
>>>> membership of the primary group of the user?
>>> This is the group that we map 'domain users' to by default. Domain
>>> Users is in turn also the default primaryGroupID value.
>>>
>>> I know you have been changing the primaryGroupID, so this might not hold
>>> true for your site, but this is the first thing I would check.
>>>
>>> Andrew Bartlett
>>>
>> Hi Andrew
>>
>> We have not changed any primaryGroupID but we have found out why the
>> group mappings were always 100
>>
>> Domain Users has xid 100 in idmap.ldb. We changed that to what our
>> actual ginNumber and all was well. wbinfo -i and getent group gave the
>> same gidNumber and uidNumber
>>
>> So I can see that rather than pull the gidNumber from the dn of the
>> group, s3fs now pulls it as the xid in idmapd.ldb.
> Indeed, Samba 4.0 as an AD DC has always had this behaviour. s3fs
> maintains this critical behaviour in line with what the NTVFS server
> does.
>
>> Anyway, all is now back to normal except we are experiencing many
>> problems getting a group rw share where members of a group create files
>> rw-rw. It seems that the posix acl to do this (which works on Linux
>> clients) is not understood by windows: only the owner of the file can
>> edit it even though it appears rwxrwx--x when created in windows. Under
>> Linux the file is correctly created according to the acl: rw-rw
>>
>> Should setting a posix acl on the server be understood by windows?
> It should be, unless an NT ACL has been set by Windows clients against
> the NTVFS server, in which case that will overrule.
>
> Have you tried changing the permissions via Windows?
>
> Andrew Bartlett
>
Hi
Yes. We tried changing permissions in windows but it makes a mess of the
acl. Could you have a look at this for us?only = No
We have a share:
[reports]
path = /data/reports
read only = No
this is how I created it:
mkdir reports
chmod 0770 reports
chgrp staff reports
chmod g+s reports
setfacl -d -Rm g::rwx reports
ls -l
total 4
drwxrws---+ 2 root staff 4096 May 11 09:03 reports
getfacl reports
# file: reports
# owner: root
# group: staff
# flags: -s-
user::rwx
group::rwx
other::---
default:user::rwx
default:group::rwx
default:other::---
On Linux, any file created in the share becomes rw-rw. Correct.
Under s3fs without touching the properties > security tab, only the
owner of the file can edit it. Touching anything on the security tab in
Windows totally messes up the acl we had originally set and still will
not allow group edit unless we set permissions at 0777.
It seems that the group rw has been lost.
Can you help us with this problem?
Summary:
Linux clients via nfs: the acl that was set set on the server works as
expected. Group rw.
Windows xp and 7 clients: only the user who created the file can edit
it. The group rw acl is not honoured.
Cheers,
Steve
More information about the samba-technical
mailing list