[Samba] Is it possible to 'getfacl' on a mounted samba share ?
Nicola Mingotti
nmingotti at gmail.com
Sun Jan 24 16:30:47 UTC 2021
Hi,
I have installed a Samba DC and a Samba based NAS to feed
a mainly Windows computer network. It is all working very well.
I am implementing the backup system right now and I found a problem with
permissions when working from Linux on the Samba shared directories.
If I run "getfacl" and "setfacl"
from the machine exporting the Samba disk it all works as expected. ok.
I can see all file permissions from Windows computers mounting the Samba
share. ok.
But if I try to run "getfacl" from a Linux machine mounting the
Samba share I can't see anything. Is it normal?
I mount the Samba share in Linux like this
---- /etc/fstab -----------------------------------
//nas.borghi.lan/sambaDisk/DiscoS/ /mnt/discoR cifs cifsacl,credentials=/usr/local/etc/discoR.credentials 0 0
---------------------------------------------------
#> sudo mount /mnt/discoR
My /etc/samba/smb.conf is at the end of message.
I thought maybe it was because my Linux box doesn't know about
AD users. So I made a test also from a Linux machine that joined
the Windows domain. No differences. I can't 'getfacl' at all.
Am I missing something fundamental? It may be so, it is the first
time I am working seriously with Samba.
bye
Nicola
----- /etc/samba/smb.conf -----------------
# please ignore my comments, especially if in Italian.
[global]
workgroup = WINDOM
security = ADS
realm = WINDOM.BORGHI.LAN
# for the Windows ACLs
winbind refresh tickets = Yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
# remove after testing
winbind enum users = yes
winbind enum groups = yes
# disable printing
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
# logs
# log file = /var/log/samba/%m.log
# log level = 1
log file = /var/log/samba/samba.log
# log file = /var/log/samba/perPersonOrMachine/%U.log
# log level = 1 smb:2 smb2:3
# log level = 2 smb:2 smb2:2 vfs:9
log level = 2 smb:2 smb2:2
# . I try to manage it with logrotate
# max file size 100 MB, hopefully logrotate trims it before then
max log size = 100000
# ---- ID mapping backend rid -------
# Default ID mapping configuration for local BUILTIN accounts
# and groups on a domain member. The default (*) domain:
# - must not overlap with any domain ID mapping configuration!
# - must use a read-write-enabled back end, such as tdb.
idmap config * : backend = tdb
idmap config * : range = 3000-7999
# - You must set a DOMAIN backend configuration
# idmap config for the SAMDOM domain
idmap config WINDOM : backend = rid
idmap config WINDOM : range = 10000-999999
# Template settings for login shell and home directory
template shell = /bin/bash
template homedir = /home/WINDOM-%U
# map "Administrator" to "root"
username map = /usr/local/samba/etc/user.map
# directory that serves as the shared disk
[sambaDisk]
path = /mnt/sambaShared/sambaDisk
read only = no
# --- default mask for users
create mask = 777
directory mask = 777
# -- what happens if a user leaves?
# better to make sure there are no problems by setting
# a default user and group for all files.
# (*) applies to Windows clients. Does not apply to Linux. For Mac?
# => DISABLED, because in the logs I no longer see who opens the
# files, only "root", everywhere
# force user = root
# force group = adm
# inherit permissions = true
# ---- load the modules that are needed
# vfs objects = full_audit shadow_copy2
vfs objects = shadow_copy2
# -------------------------------
# --- for auditing --------------
# . disabled, because of issues with the logs not restarting
# I can read the read/write accesses to files in the
# default logs.
# opendir: too much output, it gets read automatically
# I don't understand what these do: read write pread pwrite
# full_audit:prefix = %u|%I
# full_audit:success = open
# full_audit:failure = all
# full_audit:facility = LOCAL5
# --------------------------------
# ---- for the shadow copies ------
shadow:snapdir = /mnt/sambaShared/snapshots
shadow:basedir = /mnt/sambaShared/sambaDisk
shadow:sort = desc
----------------------------------------------------------------