[Samba] 4.1.7 Server Side Copies & Disk Permissions

Rowland Penny rowlandpenny at googlemail.com
Mon Apr 28 08:23:40 MDT 2014 

On 28/04/14 14:57, David Disseldorp wrote:
> On Tue, 22 Apr 2014 11:46:26 +0200, David Disseldorp wrote:
>
>>> Same as in 4.1.6 and always the same so I will not bother to add a log.
>>>
>>> If you follow http://wiki.samba.org/index.php/Setting_up_a_home_share
>>>
>>> But have vfs objects = btrfs declared all is different.
>>>
>>> You can add users and groups but the default Everyone,  CREATOR GROUP and a Unknown you just can't delete them.
>>>
>>> As soon as you press apply then they are back again.
>> I expect this is due to the POSIX to Windows Access Control List mapping
>> behaviour. The Owner, Group and Other entries are always present in a
>> POSIX ACL. Samba maps these entries to NT ACL entries on retrieval.
>>
>> The vfs_btrfs module doesn't intercept ACL retrieval/manipulation
>> requests, so you shouldn't see any difference from the default VFS in
>> this regard.
> For the record, the issue is caused by Samba's setting of the
> "vfs objects" parameter when running as an AD domain controller.
>
> https://bugzilla.samba.org/show_bug.cgi?id=10560
>
> If "vfs objects" is not set, then Samba configures the dfs_samba4 and
> acl_xattr VFS modules. If it is set, then the parameter is left as is.

If you provision Samba 4 as an AD DC, then  'vfs objects' is set, it 
just doesn't show in smb.conf. If you run 'testparm' , you will find 
(under global) this:

'vfs objects = dfs_samba4, acl_xattr'

So, from this, setting 'vfs objects = btrfs' in a share, is turning off 
the two default vfs objects, I think this means that you actually should 
be adding 'vfs objects = dfs_samba4, acl_xattr, btrfs' to the global 
section.

Rowland

>
> Which means if a user goes from...
>
> [global]
> server role = active directory domain controller
> [share]
>          path = /samba/samba1/
>          read only = No
>
> to...
>
> [global]
> server role = active directory domain controller
> [share]
>          path = /samba/samba2/
>          read only = No
>          vfs objects = btrfs
>
> ...then the acl_xattr module is implicitly disabled, breaking the users
> existing ACL<->xattr mapping setup.
>
> AFAICT, this behaviour is currently undocumented.
>
> Cheers, David

More information about the samba mailing list