[Samba] Writing rights not staying
Ph Lachaud
hpenhp at yahoo.fr
Mon Jul 24 16:57:52 UTC 2017
Sorry, forgot to say "Hi" first :)
and my smbstatus is wrong, i replaced a few names for confidentiality reasons and forgot to do it there also so it should look more like this :
Output_IO 25601 10.20.88.108 Mon Jul 24 05:14:23 PM 2017 CEST - -
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/TEST01_03_audio.mxf Mon Jul 24 17:15:57 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/TEST01_08.mxf Mon Jul 24 17:15:41 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/TEST01_09.mxf Mon Jul 24 17:16:04 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/TEST01_09_audio.mxf Mon Jul 24 17:15:48 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/TEST01_08_audio.mxf Mon Jul 24 17:15:50 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/ASSETMAP.xml Mon Jul 24 17:15:53 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/TEST01_03.mxf Mon Jul 24 17:16:08 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/PKL_a7eab518-13e6-47d4-abf7-5db3d550e1e6.xml Mon Jul 24 17:15:50 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/TEST01_04_sub.mxf Mon Jul 24 17:15:56 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/TEST01_06_audio.mxf Mon Jul 24 17:15:55 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/TEST01_02_audio.mxf Mon Jul 24 17:15:58 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/TEST01_05.mxf Mon Jul 24 17:16:00 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/TEST01_01_audio.mxf Mon Jul 24 17:16:06 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/TEST01_05_sub.mxf Mon Jul 24 17:16:06 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/TEST01_04.mxf Mon Jul 24 17:15:45 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/TEST01_06_sub.mxf Mon Jul 24 17:15:53 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/VOLINDEX.xml Mon Jul 24 17:15:57 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/TEST01_07_audio.mxf Mon Jul 24 17:15:53 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/TEST01_06.mxf Mon Jul 24 17:16:06 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/TEST01_02_sub.mxf Mon Jul 24 17:15:53 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/TEST01_10_audio.mxf Mon Jul 24 17:15:56 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/TEST01_07.mxf Mon Jul 24 17:15:43 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/CPL_9eca949b-3e21-4400-bf89-00d4b7598c2f.xml Mon Jul 24 17:15:53 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/BAY1/BAY2/OUTPUT IO/TEST/TEST01/TEST01_10.mxf Mon Jul 24 17:16:03 2017
25685 40143 DENY_NONE 0x89 RDONLY EXCLUSIVE /mnt/BAY1/BAY2/OUTPUT_IO/TEST02/TEST03/TEST03_03.mxf Mon Jul 24 17:32:48 2017
25602 40122 DENY_NONE 0x100081 RDONLY NONE /mnt/BAY1/BAY2/BAY2/TEST04/01_FTR Mon Jul 24 17:14:23 2017
Right now it is working again.. i just edited the smb.conf file a few times and restarted the service for my users to have RW rights again, but it won't stay !
Regards.
Le Lundi 24 juillet 2017 18h47, Ph Lachaud via samba <samba at lists.samba.org> a écrit :
I experienced several problems with my samba nas servers.
Everything was good untill i recently changed the san disks bays (that are connected to the 2 nas servers). At this time i think that i also deleted the links to the old LDAP server that was not used.
note : all my users are created on both nas locally and added to a specific group
Doing only minor changes to the conf files makes it work again, at first i thought that the changes i did were good, but the next day when the write error came back, i knew that it was just restarting samba service a few times that did the trick...
I then decided to upgrade both kernell and samba version of the 2 nas and clean the conf file from the old setups lines.
But still i got clients with write rights errors happening every few days.
Here is my smb.conf file :
#======================= Global Settings =======================
[global]
#workgroup = WORKGROUP
dns proxy = no
log file = /var/log/samba/log.%m
log level = 3
max log size = 1000
syslog = 0
force group = baylab.lab
ntlm auth = yes
client ntlmv2 auth = yes
panic action = /usr/share/samba/panic-action %d
server role = standalone server
security = user
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
strict allocate = Yes
allocation roundup size = 4096
read raw = Yes
server signing = No
write raw = Yes
strict locking = No
min receivefile size = 16384
use sendfile = Yes
aio write size = 16384
aio read size = 16384
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
#======================= Share Definitions =======================
######################## Full Access #############################
# BAY1 full
[BAY1]
comment = SAN BAY1
path = /mnt/BAY1
writeable = yes
browseable = no
read only = no
valid users = linuxop01,linuxop04,lab01,rapid01,rapid02,dms2000,dcp01,dcp02,dcp03,dcp04,dcp05,dcp06,master01,master03,linuxop03
write list = linuxop01,linuxop03,linuxop04,lab01,rapid01,rapid02,dms2000,dcp01,dcp02,dcp03,dcp04,dcp05,dcp06,master01,master03
force group = baylab.lab
inherit permissions = yes
create mask = 0775
force create mode = 0775
directory mask = 0775
force directory mode = 0775
# BAY2 full
[BAY2]
comment = SAN BAY2
path = /mnt/BAY1/BAY2
browseable = yes
read only = no
valid users = linuxop01,linuxop04,lab01,rapid01,rapid02,dms2000,dcp01,dcp02,dcp03,dcp04,dcp05,dcp06,master01,master03,linuxop03
force group = baylab.lab
inherit permissions = yes
create mask = 0775
force create mode = 0775
directory mask = 0775
force directory mode = 0775
# BAY3 full
[BAY3]
comment = SAN BAY3
path = /mnt/BAY3
browseable = yes
read only = no
valid users = linuxop01,linuxop04,lab01,rapid01,rapid02,dms2000,dcp01,dcp02,dcp03,dcp04,dcp05,dcp06,master01,master03,linuxop03
force group = baylab.lab
inherit permissions = yes
create mode = 0775
force create mode = 0775
directory mode = 0775
force directory mode = 0775
####################### Specific Access #############################
###################### BAY1 ############################
# BAY1 WORKDATA
[Mastering_Workdata]
comment = BAY1 Workdata folder
path = /mnt/BAY1/WORKDATA
browseable = yes
read only = no
valid users = dcp01,dcp02,dcp03,dcp04,dcp05,linuxop01
force group = baylab.lab
inherit permissions = yes
create mode = 0775
force create mode = 0775
directory mode = 0775
force directory mode = 0775
# BAY1 In_IO
[In_IO]
comment = BAY1 In_IO folder
path = /mnt/BAY1/INPUT/
browseable = yes
read only = no
valid users = linuxio01, linuxio02, linuxio03, ingest01, ingest02, ingest03, stormmac01, render01, rendervod01, render02, render03, render04, render05, render06, render07, render08, render09, render10, render11, render12, render13, render14, render15, render16, render17, render18, render19, render20, linuxop03
force group = baylab.lab
inherit permissions = yes
create mask = 0775
force create mode = 0775
directory mask = 0775
force directory mode = 0775
######################## BAY2 #################################
# BAY2 BAY2
[Delivery_Workdata]
comment = BAY2 folder
path = /mnt/BAY1/BAY2/BAY2
browseable = yes
read only = no
valid users = dcp01,dcp02,dcp03,dcp04,dcp05
force group = baylab.lab
inherit permissions = yes
create mode = 0775
force create mode = 0775
directory mode = 0775
force directory mode = 0775
# BAY2 OUTPUT IO
[Output_IO]
comment = BAY2 Output_IO folder
path = /mnt/BAY1/BAY2/OUTPUT/
browseable = yes
read only = no
valid users = linuxio01,linuxio02,linuxio03,ingest01,ingest02,ingest03,stormmac01,render01,rendervod01,render02,render03,render04,render05,render06,render07,render08,render09,render10,render11,render12,render13,render14,render15,render16,render17,render18,render19,render20
force group = baylab.lab
inherit permissions = yes
create mode = 0775
force create mode = 0775
directory mode = 0775
force directory mode = 0775
Every user is from group baylab.lab and baylab.lab group own every folder (each is 0775), so that all the users from the valid users parameter that have access to the folder can write on files and folders not created by them, as long as they are part of the baylab.lab group, wich is the case for every user i created like this :
- useradd theuser- smbpasswd -a theuser- usermod -G baylab.lab theuser
here is the output of smbstatus -p :
Samba version 4.5.8-Debian
PID Username Group Machine Protocol Version Encryption Signing
----------------------------------------------------------------------------------------------------------------------------------------
25603 linuxio02 linuxio02 10.20.108.12 (ipv4:10.20.108.12:46830) NT1 - -
25695 master03 master03 christie-pc (ipv4:192.168.20.126:36954) NT1 - -
25691 master03 master03 christie-pc (ipv4:192.168.20.126:36952) NT1 - -
25601 render08 render08 10.20.88.108 (ipv4:10.20.88.108:49541) SMB2_10 - -
25602 lab01 lab01 10.20.148.92 (ipv4:10.20.148.92:16129) SMB2_10 - -
25685 linuxio03 linuxio03 10.20.108.13 (ipv4:10.20.108.13:35480) NT1 - -
25680 linuxio03 linuxio03 10.20.108.13 (ipv4:10.20.108.13:35478) NT1 - -
and a small output of smbstatus :Pid Uid DenyMode Access R/W Oplock SharePath Name Time
--------------------------------------------------------------------------------------------------
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/TEST01_03_audio.mxf Mon Jul 24 17:15:57 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/TEST01_08.mxf Mon Jul 24 17:15:41 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/TEST01_09.mxf Mon Jul 24 17:16:04 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/TEST01_09_audio.mxf Mon Jul 24 17:15:48 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/TEST01_08_audio.mxf Mon Jul 24 17:15:50 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/ASSETMAP.xml Mon Jul 24 17:15:53 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/TEST01_03.mxf Mon Jul 24 17:16:08 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/PKL_a7eab518-13e6-47d4-abf7-5db3d550e1e6.xml Mon Jul 24 17:15:50 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/TEST01_04_sub.mxf Mon Jul 24 17:15:56 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/TEST01_06_audio.mxf Mon Jul 24 17:15:55 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/TEST01_02_audio.mxf Mon Jul 24 17:15:58 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/TEST01_05.mxf Mon Jul 24 17:16:00 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/TEST01_01_audio.mxf Mon Jul 24 17:16:06 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/TEST01_05_sub.mxf Mon Jul 24 17:16:06 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/TEST01_04.mxf Mon Jul 24 17:15:45 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/TEST01_06_sub.mxf Mon Jul 24 17:15:53 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/VOLINDEX.xml Mon Jul 24 17:15:57 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/TEST01_07_audio.mxf Mon Jul 24 17:15:53 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/TEST01_06.mxf Mon Jul 24 17:16:06 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/TEST01_02_sub.mxf Mon Jul 24 17:15:53 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/TEST01_10_audio.mxf Mon Jul 24 17:15:56 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/TEST01_07.mxf Mon Jul 24 17:15:43 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/CPL_9eca949b-3e21-4400-bf89-00d4b7598c2f.xml Mon Jul 24 17:15:53 2017
25601 40170 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/MASTERING/DELIVERY/OUTPUT IO/TEST/TEST01/TEST01_10.mxf Mon Jul 24 17:16:03 2017
25685 40143 DENY_NONE 0x89 RDONLY EXCLUSIVE /mnt/MASTERING/DELIVERY/OUTPUT_IO/TEST02/TEST03/TEST03_03.mxf Mon Jul 24 17:32:48 2017
25602 40122 DENY_NONE 0x100081 RDONLY NONE /mnt/MASTERING/DELIVERY/DELIVERY/TEST04/01_FTR Mon Jul 24 17:14:23 2017
So why / how is it possible that the writing rights sometimes don't work and that i need to modify smb.conf and reload samba service a few times for the writing rights to come back ? Strange behaviour no? It's like suddenly the force group setting is not working anymore or the user is not from the group anymore.
This happens with all kind of clients, from windows 7 / 10 to linux and mac os.
Thanks!
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list