[Samba] 4.1.7 Server Side Copies & Disk Permissions

Stuart Naylor stuartiannaylor at thursbygarden.org
Mon Apr 28 12:50:02 MDT 2014


Firstly its not really a bug but a lack of documentation.

If you want to use extended server side copies, which are pretty neat then actually no copy happens just the btrfs metadata is changed.

So firstly with no change with btrfs or ext4 or ... server side copies work.

For extended server side copies to use all the niceness of btrfs the vfs objects =  btrfs needs to be set.

Then I had loads of problems with permissions.

This is because the defaults are turned off when you supply vfs objects = btrfs (or any vfs object)
So it needs to be slightly more to bring back in the defaults vfs objects = dfs_samba4, acl_xattr, btrfs

All works but David is the man to ask.

 
 
-----Original message-----
> From:steve <steve at steve-ss.com>
> Sent: Monday 28th April 2014 17:01
> To: samba at lists.samba.org
> Subject: Re: [Samba] 4.1.7 Server Side Copies & Disk Permissions
> 
> On Mon, 2014-04-28 at 15:57 +0200, David Disseldorp wrote:
> > On Tue, 22 Apr 2014 11:46:26 +0200, David Disseldorp wrote:
> > 
> > > > Same as in 4.1.6 and always the same so I will not bother to add a log.
> > > > 
> > > > If you follow http://wiki.samba.org/index.php/Setting_up_a_home_share
> > > > 
> > > > But have vfs objects = btrfs declared all is different.
> > > > 
> > > > You can add users and groups but the default Everyone,  CREATOR GROUP and a Unknown you just can't delete them.
> > > > 
> > > > As soon as you press apply then they are back again.  
> > > 
> > > I expect this is due to the POSIX to Windows Access Control List mapping
> > > behaviour. The Owner, Group and Other entries are always present in a
> > > POSIX ACL. Samba maps these entries to NT ACL entries on retrieval.
> > > 
> > > The vfs_btrfs module doesn't intercept ACL retrieval/manipulation
> > > requests, so you shouldn't see any difference from the default VFS in
> > > this regard.
> > 
> > For the record, the issue is caused by Samba's setting of the
> > "vfs objects" parameter when running as an AD domain controller.
> > 
> > https://bugzilla.samba.org/show_bug.cgi?id=10560
> > 
> > If "vfs objects" is not set, then Samba configures the dfs_samba4 and
> > acl_xattr VFS modules. If it is set, then the parameter is left as is.
> > 
> > Which means if a user goes from...
> > 
> > [global]
> > server role = active directory domain controller
> > [share]
> >         path = /samba/samba1/
> >         read only = No
> > 
> > to...
> > 
> > [global]
> > server role = active directory domain controller
> > [share]
> >         path = /samba/samba2/
> >         read only = No
> >         vfs objects = btrfs
> > 
> > ...then the acl_xattr module is implicitly disabled, breaking the users
> > existing ACL<->xattr mapping setup.
> > 
> > AFAICT, this behaviour is currently undocumented.
> 
> Ah. So GPOs and using the DC as a file server for user shares won't work
> with btrfs? Or only until 10560 is solved?
> Thanks
> 
> 
> 
> 


More information about the samba mailing list