[Samba] Re: Re: DC2 denies access when saving
Min Wai Chan
dcmwai at gmail.com
Sat Nov 8 10:24:58 MST 2014
Yep...
Just like the original issue report by Megas.
But with your suggested changes...
Which is odd...
On Sun, Nov 9, 2014 at 1:01 AM, Rowland Penny <rowlandpenny at googlemail.com>
wrote:
> On 08/11/14 16:50, Min Wai Chan wrote:
>
>> Dear Louis and Rowland,
>>
>> I've try to do as suggested
>>
>> /root/.unison/default.prf
>> remove
>> perms=0
>> add
>> owner=true
>> group=true
>>
>> But still the problem on folder removed still happen...
>>
>> Strange...
>>
>>
>> On Mon, Nov 3, 2014 at 8:54 PM, L.P.H. van Belle <belle at bazuin.nl> wrote:
>>
>> Hai,
>>>
>>> Ok, this is an option also then.
>>> I'll go test this also, and if this works better, then lets adopt it.
>>>
>>> Greetz,
>>>
>>> Louis
>>>
>>>
>>> -----Oorspronkelijk bericht-----
>>>> Van: rowlandpenny at googlemail.com
>>>> [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>>>> Verzonden: maandag 3 november 2014 12:16
>>>> Aan: samba at lists.samba.org
>>>> Onderwerp: Re: [Samba] Re: Re: DC2 denies access
>>>> when saving
>>>>
>>>> On 03/11/14 08:12, L.P.H. van Belle wrote:
>>>>
>>>>> Hai,
>>>>>
>>>>> Guys, some extra understanding.
>>>>>
>>>>> This is what I cannot really understand, why use the rsync
>>>>>>
>>>>> command at
>>>>
>>>>> all, as it would seem that unison uses rsync itself to do
>>>>>>
>>>>> the copying,
>>>>
>>>>> Rsync is use-ed to create the right direcotie structure with
>>>>>
>>>> all the needed ACL and ATTRS.
>>>>
>>>>> Unison cant do that ( yet ) but unison can do bidirectional
>>>>>
>>>> sync of files.
>>>>
>>>>> and together you get what we need.
>>>>>
>>>>>
>>>>> OK, after reading the unison manpage several times, I think
>>>>>>
>>>>> I have it,
>>>>
>>>>> >from /root/.unison/default.prf remove 'perms=0' and add
>>>>>
>>>> 'owner=true' &
>>>>
>>>>> 'group=true' . This seems to fix the problem.
>>>>>>
>>>>> That can be but should not be needed.
>>>>>
>>>>> remember, that i dont look het the rights on linux, and
>>>>>
>>>> mainly because of that sysvol
>>>>
>>>>> is only used for windows.
>>>>>
>>>>> So idmappping not needed, rights, copied from DC1 to DC2 may
>>>>>
>>>> see different, but !
>>>>
>>>>> not in windows.
>>>>>
>>>>> and if you want it really only for windows, and dont look to
>>>>>
>>>> much in the underlaying linux rights.
>>>>
>>>>> add : acl_xattr:ignore system acl = ye
>>>>>
>>>>> last.
>>>>>
>>>>> I saw something with errors on DC2 about when creating etc.
>>>>> where the prileges set on the second DC?
>>>>>
>>>>>
>>>>>
>>>>> Louis
>>>>>
>>>>>
>>>>>
>>>>> -----Oorspronkelijk bericht-----
>>>>>> Van: rowlandpenny at googlemail.com
>>>>>> [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>>>>>> Verzonden: zondag 2 november 2014 23:01
>>>>>> CC: samba at lists.samba.org
>>>>>> Onderwerp: Re: [Samba] Re: Re: DC2 denies access
>>>>>> when saving
>>>>>>
>>>>>> On 02/11/14 17:10, Min Wai Chan wrote:
>>>>>>
>>>>>>> Hi Rowland,
>>>>>>>
>>>>>>> You are correct...
>>>>>>>
>>>>>>> Let us ask Louis...
>>>>>>>
>>>>>>> Dear Louis,
>>>>>>>
>>>>>>> Can help us on this?
>>>>>>>
>>>>>>> Thank you
>>>>>>>
>>>>>>> On Mon, Nov 3, 2014 at 12:54 AM, Rowland Penny
>>>>>>> <rowlandpenny at googlemail.com
>>>>>>>
>>>>>> <mailto:rowlandpenny at googlemail.com>> wrote:
>>>>>>
>>>>>>> On 02/11/14 16:00, Rowland Penny wrote:
>>>>>>>
>>>>>>> On 02/11/14 15:29, ?icro MEGAS wrote:
>>>>>>>
>>>>>>> Indeed, it deleted these two mentioned directories, it
>>>>>>> also tried to delete the directory
>>>>>>> {5F5181D6-325D-4566-8B2E-0292E9F4995B} but it
>>>>>>>
>>>>>> wasn't able
>>>>
>>>>> to do so.
>>>>>>>
>>>>>>> I played around a bit and actually in my opinion
>>>>>>> rsync+unison is *not* behaving correctly as one would
>>>>>>> expect. For example: I am creating a new file or
>>>>>>>
>>>>>> directory
>>>>>>
>>>>>>> on dc2:/var/lib/samba/sysvol/mydom.example.com
>>>>>>> <http://mydom.example.com> called "test"
>>>>>>>
>>>>>>> After I run the rsync+unison command on DC1,
>>>>>>>
>>>>>> this file or
>>>>
>>>>> directory called "test" gets deleted on DC2.
>>>>>>>
>>>>>> That's not
>>>>
>>>>> what I would expect. What I expected is that this
>>>>>>> file/directory would be copied from DC2 to
>>>>>>>
>>>>>> DC1. The setup
>>>>
>>>>> works only in one direction at the moment,
>>>>>>>
>>>>>> that mean when
>>>>
>>>>> I create something on DC1 it is successfully
>>>>>>>
>>>>>> synced to DC2
>>>>>>
>>>>>>> but _not vice-versa_ :(
>>>>>>>
>>>>>>> So in my opinion there is a misconfigured
>>>>>>>
>>>>>> rsync+unison.
>>>>
>>>>> How do we set this thing up so both directions work?
>>>>>>>
>>>>>>> Mirco
>>>>>>>
>>>>>>> You would seem to be correct, I rsync'd
>>>>>>>
>>>>>> /var/lib/samba/sysvol
>>>>
>>>>> to /var/test/samba and I have been testing with the
>>>>>>>
>>>>>> later dir.
>>>>>>
>>>>>>> I run the line from the script (modified for
>>>>>>>
>>>>>> change of path)
>>>>
>>>>> and my test sysvol was replicated to the second
>>>>>>>
>>>>>> DC, so far so
>>>>
>>>>> good.
>>>>>>>
>>>>>>> root at dc02:~# cd /var/test/samba//sysvol/example.com
>>>>>>> <http://example.com>
>>>>>>> root at dc02:/var/test/samba/sysvol/example.com#
>>>>>>> <http://example.com#> ls -la
>>>>>>> total 32
>>>>>>> drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 .
>>>>>>> drwxrwx---+ 3 root 3000000 4096 Aug 12 10:40 ..
>>>>>>> drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 Policies
>>>>>>> drwxrwx---+ 2 root 3000000 4096 Aug 12 10:40 scripts
>>>>>>>
>>>>>>> I then created a new directory on the second DC dc02
>>>>>>>
>>>>>>> root at dc02:/var/test/samba/sysvol/example.com#
>>>>>>> <http://example.com#> mkdir Test
>>>>>>> root at dc02:/var/test/samba/sysvol/example.com#
>>>>>>> <http://example.com#> chown root:3000000 Test
>>>>>>>
>>>>>>> root at dc02:/var/test/samba/sysvol/example.com#
>>>>>>> <http://example.com#> ls -la
>>>>>>> total 40
>>>>>>> drwxrwx---+ 5 root 3000000 4096 Nov 2 15:38 .
>>>>>>> drwxrwx---+ 3 root 3000000 4096 Aug 12 10:40 ..
>>>>>>> drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 Policies
>>>>>>> drwxrwx---+ 2 root 3000000 4096 Aug 12 10:40 scripts
>>>>>>> drwxrwx---+ 2 root 3000000 4096 Nov 2 15:38 Test
>>>>>>>
>>>>>>> I then ran the line from the script again on dc01
>>>>>>>
>>>>>>> root at dc01:~# rsync -XAavz --delete-after -f"+ */" -f"- *"
>>>>>>> /var/test/samba/sysvol root at DC02:/var/test/samba &&
>>>>>>> /usr/bin/unison
>>>>>>> building file list ... done
>>>>>>> sysvol/example.com/ <http://example.com/>
>>>>>>> deleting sysvol/example.com/Test/
>>>>>>>
>>>>>> <http://example.com/Test/>
>>>>
>>>>> sent 973 bytes received 15 bytes 658.67 bytes/sec
>>>>>>> total size is 0 speedup is 0.00
>>>>>>> Contacting server...
>>>>>>> Connected [//dc01//var/test/samba ->
>>>>>>>
>>>>>> //dc02//var/test/samba]
>>>>
>>>>> Looking for changes
>>>>>>> Waiting for changes from server
>>>>>>> Reconciling changes
>>>>>>> Nothing to do: replicas have not changed since last sync.
>>>>>>>
>>>>>>> If I now check if the new directory is still there:
>>>>>>>
>>>>>>> root at dc02:/var/test/samba/sysvol/example.com#
>>>>>>> <http://example.com#> ls -la
>>>>>>> total 32
>>>>>>> drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 .
>>>>>>> drwxrwx---+ 3 root 3000000 4096 Aug 12 10:40 ..
>>>>>>> drwxrwx---+ 4 root 3000000 4096 Aug 12 10:41 Policies
>>>>>>> drwxrwx---+ 2 root 3000000 4096 Aug 12 10:40 scripts
>>>>>>>
>>>>>>> It has been removed and I think I understand why, rsync is
>>>>>>> removing it:
>>>>>>>
>>>>>>> building file list ... done
>>>>>>> sysvol/example.com/ <http://example.com/>
>>>>>>> deleting sysvol/example.com/Test/
>>>>>>>
>>>>>> <http://example.com/Test/>
>>>>
>>>>> So how do we stop rsync removing anything that is
>>>>>>>
>>>>>> not on the
>>>>
>>>>> first DC ????
>>>>>>>
>>>>>>> Rowland
>>>>>>>
>>>>>>> OK, got past that problem, remove '--delete-after'
>>>>>>>
>>>>>> >from the rsync
>>>
>>>> command. Now for the next problem, the test dir is
>>>>>>>
>>>>>> not deleted on
>>>>
>>>>> the second DC, but when unison syncs it to the first DC,
>>>>>>>
>>>>>> it is set
>>>>>>
>>>>>>> as belonging to 'root:root' even though it belongs to
>>>>>>> 'root:3000000' on the second DC.
>>>>>>>
>>>>>>>
>>>>>>> Rowland
>>>>>>>
>>>>>>> --
>>>>>>> To unsubscribe from this list go to the following URL
>>>>>>>
>>>>>> and read the
>>>>>>
>>>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>>>
>>>>>>>
>>>>>>> OK, after reading the unison manpage several times, I think
>>>>>>
>>>>> I have it,
>>>>
>>>>> >from /root/.unison/default.prf remove 'perms=0' and add
>>>>>
>>>> 'owner=true' &
>>>>
>>>>> 'group=true' . This seems to fix the problem.
>>>>>>
>>>>>> Rowland
>>>>>>
>>>>>> --
>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>>
>>>>>>
>>>>>> OK, I am testing on a test dir '/var/test/samba', I rsync'd
>>>> /var/lib/samba/sysvol' to the test dir and then tested copying between
>>>> my two DC's.
>>>>
>>>> My '/root/.unison/default.prf' now looks like this:
>>>>
>>>> # Unison preference file
>>>> # Synchronization roots
>>>> # This machine
>>>> root = /var/test/samba
>>>> # Remote machine
>>>> # Note the 2 x / behind DC02, they are required
>>>> root = ssh://root@DC02//var/test/samba
>>>> #
>>>> # Path to synchronize
>>>> path = sysvol
>>>> #
>>>> #ignore = Path stats ## ignores /var/www/stats
>>>> # copymax & maxthreads params were set to 1 for easier troubleshooting.
>>>> # Have to experiment to see if they can be increased again.
>>>> auto=true
>>>> batch=true
>>>> rsync=true
>>>> maxthreads=1
>>>> retry=3
>>>> confirmbigdel=false
>>>> servercmd=/usr/bin/unison
>>>> copythreshold=0
>>>> # removed --compress from following two lines, z is --compress
>>>> copyprog = /usr/bin/rsync -XAavz --inplace
>>>> copyprogrest = /usr/bin/rsync -XAavz --partial --inplace
>>>> copyquoterem = true
>>>> copymax = 1
>>>> owner=true
>>>> group=true
>>>>
>>>> Running 'rsync -XAavz -f"+ */" -f"- *" /var/test/samba/sysvol
>>>> root at DC02:/var/test/samba && /usr/bin/unison' syncs
>>>> '/var/test/samba/sysvol' to the second DC.
>>>>
>>>> If I add another dir inside '/var/test/samba/sysvol' and run
>>>> the command
>>>> again, the dir is then synced to the second DC.
>>>>
>>>> If I add another dir inside '/var/test/samba/sysvol' on the second DC
>>>> and run the command again, the dir is then synced to the first DC.
>>>>
>>>> I now have two identical directories, one on my first DC, the other on
>>>> the second DC, if I run 'getfacl' on any of the directories or
>>>> files, I
>>>> get exactly the same results, all the directories & files are owned by
>>>> the same user & group.
>>>>
>>>> This is, in my opinion, better than having files owned by different
>>>> users on different DC's.
>>>>
>>>> Rowland
>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>> Hi, is the folder on the second DC and when you sync from the first DC,
> it is removed ?
>
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list