[Samba] File permissions getting destroyed with M$ software on ZFS

CJ Keist cj.keist at colostate.edu
Fri Oct 1 08:15:17 MDT 2010 

  All,
     Running Samba 3.5.4 on Solaris 10 with ZFS file system.  I have 
issues where we have shared group folders.  In these folders a userA in 
GroupA create file just fine with the correct inherited permissions 
660.  Problem is when userB in GroupA reads and modifies that file, with 
M$ office apps, the permissions get whacked to 060+ and the file becomes 
read only by everyone.
    I did google this and found exactly someone else with the same 
problem with a fix! But the fix is not working for me, so looking for 
some more help and incite to this problem.

The following are the two URLs I found which looked like a fix to my 
problem:

http://lists.samba.org/archive/samba/2008-November/145094.html
https://bugzilla.samba.org/show_bug.cgi?id=6050

I have implemented those settings, but I still see the problem of the 
file permissions getting whacked.

Here is my conf file:

[global]
     workgroup = ENGR_DOM
     server string = Samba Server
     interfaces = e1000g0, lo0
     bind interfaces only = Yes
     security = DOMAIN
     passdb backend = smbpasswd
     client NTLMv2 auth = Yes
     map untrusted to domain = Yes
     log level = 1
     log file = /var/log/samba/logs/log.%m
     name resolve order = host bcast
     unix extensions = No
     max open files = 10000
     load printers = No
     domain master = No
     dns proxy = No
     lock spin time = 3
     veto oplock files = 
/*.doc/*.DOC/*.docx/*.DOCX/*.xlsx/*.XLSX/*.xls/*.XLS/*.ppt/*.PPT/*.pst/*.PST/*.mdb/*.MDB/*.ldb/*.LDB/*.vsd/*.VSD/*.dwg/*.DWG/*.cdr/*.CDR/
     strict locking = No

[homes]
     comment = Home Directories
     read only = No
     create mask = 0640
     directory mask = 0751
     force directory mode = 0751
     directory security mask = 0750
     inherit permissions = Yes
     inherit owner = Yes
     browseable = No
     level2 oplocks = No
     vfs objects = zfsacl
     nfs4:acedup = merge
     nfs4:mode = special

[ens]
     comment = ENS Groups
     path = /XKA2/admin/ENS
     valid users = +admin
     force group = admin
     read only = No
     create mask = 0770
     directory mask = 02770
     inherit permissions = Yes
     inherit acls = Yes
     map archive = No
     map readonly = permissions
     vfs objects = zfsacl
     nfs4:acedup = merge
     nfs4:mode = special

The issue is in the ENS share.  I also have the ZFS file system aclmode 
and aclinherit set to passthrough, see output of zfs get all:

kame % zfs get all fsdata/admin/ENS
NAME              PROPERTY              VALUE                  SOURCE
fsdata/admin/ENS  type                  filesystem             -
fsdata/admin/ENS  creation              Mon Mar 15 14:47 2010  -
fsdata/admin/ENS  used                  73.6G                  -
fsdata/admin/ENS  available             9.35T                  -
fsdata/admin/ENS  referenced            73.6G                  -
fsdata/admin/ENS  compressratio         1.15x                  -
fsdata/admin/ENS  mounted               yes                    -
fsdata/admin/ENS  quota                 none                   default
fsdata/admin/ENS  reservation           none                   default
fsdata/admin/ENS  recordsize            64K                    inherited 
from fsdata/admin
fsdata/admin/ENS  mountpoint            /XKA2/admin/ENS        inherited 
from fsdata
fsdata/admin/ENS  sharenfs              rw,anon=0              inherited 
from fsdata/admin
fsdata/admin/ENS  checksum              on                     default
fsdata/admin/ENS  compression           on                     inherited 
from fsdata
fsdata/admin/ENS  atime                 off                    inherited 
from fsdata
fsdata/admin/ENS  devices               on                     default
fsdata/admin/ENS  exec                  on                     default
fsdata/admin/ENS  setuid                on                     default
fsdata/admin/ENS  readonly              off                    default
fsdata/admin/ENS  zoned                 off                    default
fsdata/admin/ENS  snapdir               hidden                 default
fsdata/admin/ENS  aclmode               passthrough            inherited 
from fsdata/admin
fsdata/admin/ENS  aclinherit            passthrough            inherited 
from fsdata/admin
fsdata/admin/ENS  canmount              on                     default
fsdata/admin/ENS  shareiscsi            off                    default
fsdata/admin/ENS  xattr                 on                     default
fsdata/admin/ENS  copies                1                      default
fsdata/admin/ENS  version               4                      -
fsdata/admin/ENS  utf8only              off                    -
fsdata/admin/ENS  normalization         none                   -
fsdata/admin/ENS  casesensitivity       sensitive              -
fsdata/admin/ENS  vscan                 off                    default
fsdata/admin/ENS  nbmand                off                    default
fsdata/admin/ENS  sharesmb              off                    default
fsdata/admin/ENS  refquota              none                   default
fsdata/admin/ENS  refreservation        none                   default
fsdata/admin/ENS  primarycache          all                    default
fsdata/admin/ENS  secondarycache        all                    default
fsdata/admin/ENS  usedbysnapshots       0                      -
fsdata/admin/ENS  usedbydataset         73.6G                  -
fsdata/admin/ENS  usedbychildren        0                      -
fsdata/admin/ENS  usedbyrefreservation  0                      -

Has there been any other development on this issue?


-- 
C. J. Keist                     Email: cj.keist at colostate.edu
Systems Group Manager           Phone: 970-491-0630
Engineering Network Services    Fax:   970-491-5569
College of Engineering, CSU
Ft. Collins, CO 80523-1301

All I want is a chance to prove 'Money can't buy happiness'

More information about the samba mailing list