[Samba] Is it possible to 'getfacl' on a mounted samba share ?

L.P.H. van Belle belle at bazuin.nl
Mon Jan 25 09:31:32 UTC 2021


Hai Nico, 

What does this give you as a result on that NAS?
tune2fs -l /dev/XXX1  | grep "Default mount options:" 
(change XXX to the disk, of course). 

Do you get this back? 
Default mount options:    user_xattr acl

If not, try tune2fs -o acl /dev/XXX1


Greetz, 

Louis


> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Nicola Mingotti
> via samba
> Sent: Monday, 25 January 2021 10:01
> To: Rowland penny; sambalist
> Subject: Re: [Samba] Is it possible to 'getfacl' on a mounted samba
> share ?
> 
> 
> Hi Rowland,
> 
> Still it is not working but I can give you some extra info.
> 
> . Installed packages
> p@linte> dpkg -l | grep 'acl\|attr' | awk '{print $1,$2," ",$3}'
> ii acl      2.2.53-4
> ii attr      1:2.4.48-4
> ii fonts-quicksand      0.2016-2
> ii libacl1:amd64      2.2.53-4
> ii libattr1:amd64      1:2.4.48-4
> ii python3-xattr      0.9.6-1
> ii spice-client-glib-usb-acl-helper      0.35-2
> ii xattr      0.9.6-1
> => This is a superset of what I see in machine 'nas' so I guess it
> should be fine.
> 
> . Do I see the '+' in 'ls' ? No
> p@linte> ls -l /mnt/discoR/Borghi/ | head -n 3
> total 1024
> drwxr-xr-x 2 root root      0 Oct  5 14:49 Applicativi
> drwxr-xr-x 2 root root      0 Dec  7 16:05 Archivio
> 
> . The same applies if I do it through a domain user:
> WINDOM\nicola@linte> ls -l /mnt/discoR/Borghi/ | head -n 3
> total 1024
> drwxr-xr-x 2 root root      0 Oct  5 14:49 Applicativi
> drwxr-xr-x 2 root root      0 Dec  7 16:05 Archivio
> 
> . But I see the '+' from the machine 'nas'
> p@nas> ls -l /mnt/sambaShared/sambaDisk/DiscoS/Borghi/ | head -n 3
> total 252
> drwxrwx---+  7 root adm    4096 Oct  5 14:49 Applicativi
> drwxrwx---+ 10 root adm    4096 Dec  7 16:05 Archivio
> 
> . I can see the '+' in 'linte' if I define a permission there myself;
>    also, in that case 'getfacl' works as expected.
> p@linte> cd .
> p@linte> touch test.txt
> p@linte> sudo groupadd testgroup
> p@linte> setfacl -m g:testgroup:000 test.txt
> p@linte> ls -l | grep test.txt
> -rw-r--r--+ 1 p p    0 Jan 25 09:44 test.txt
> p@linte> getfacl test.txt
> # file: test.txt
> # owner: p
> # group: p
> user::rw-
> group::r--
> group:testgroup:---
> mask::r--
> other::r--
> 
> . I tried to toggle several parameters in /etc/fstab without success:
> ------- /etc/fstab --------------
> # / was on /dev/vda1 during installation
> UUID=5b450ed1-2951-4a2c-b444-22dc1509a275 / ext4 user_xattr,acl,errors=remount-ro 0       1
> ...
> # mount disco R
> //nas.borghi.lan/sambaDisk/DiscoS/    /mnt/discoR   cifs cifsacl,credentials=/usr/local/etc/discoR.credentials    0    0
> ---------------------------------
> 
> . For completeness I add the Samba configuration of 'linte' which
>    is there just to let 'linte' join the Windows domain at the moment.
> ---------------- /etc/samba/smb.conf -----------------------------------
> [global]
>     workgroup = WINDOM
>     security = ADS
>     realm = WINDOM.BORGHI.LAN
> 
>     winbind refresh tickets = Yes
>     vfs objects = acl_xattr
>     map acl inherit = Yes
>     store dos attributes = Yes
> 
>     dedicated keytab file = /etc/krb5.keytab
>     kerberos method = secrets and keytab
> 
>     # I have only one domain, so it is convenient to always type just
>     # user instead of "WINDOM\user"
>     # winbind use default domain = yes
> 
>     # remove after testing
>     winbind enum users = yes
>     winbind enum groups = yes
> 
>     # disable printing
>     load printers = no
>     printing = bsd
>     printcap name = /dev/null
>     disable spoolss = yes
> 
>     # logs
>     log file = /var/log/samba/%m.log
>     log level = 1
> 
>     # ---- ID mapping backend rid -------
>     # Default ID mapping configuration for local BUILTIN accounts
>     # and groups on a domain member. The default (*) domain:
>     # - must not overlap with any domain ID mapping configuration!
>     # - must use a read-write-enabled back end, such as tdb.
>     idmap config * : backend = tdb
>     idmap config * : range = 3000-7999
>     # - You must set a DOMAIN backend configuration
>     # idmap config for the SAMDOM domain
>     idmap config SAMDOM : backend = rid
>     idmap config SAMDOM : range = 10000-999999
> 
>     # Template settings for login shell and home directory
>     template shell = /bin/bash
>     template homedir = /home/WINDOM-%U
> 
>     # map "Administrator" to "root"
>     username map = /usr/local/samba/etc/user.map
> 
> # directory that serves as the shared disk
> # ok- this is working !
> # [sambaDisk]
> #       path = /home/WINDOM-nicola/testSamba
> #       read only = no
> #       vfs objects = shadow_copy2
> #       shadow:snapdir = /home/WINDOM-nicola/snapshots
> #       shadow:basedir = /home/WINDOM-nicola/testSamba
> #       shadow:sort = desc
> 
> 
> # [sambaDisk]
> #       path = /home/WINDOM-nicola/testSamba
> #       read only = no
> #       vfs objects = shadow_copy2
> #       shadow:mountpoint = /home/WINDOM-nicola/testSamba
> #       # must be relative if 'snapdirseverywhere' is used
> #       shadow:snapdir = snapshots
> #       # shadow:snapdir = /home/WINDOM-nicola/testSamba/snapshots
> #       # shadow:basedir = toSnap
> #       shadow:sort = desc
> #       # shadow:localtime = yes
> #       # shadow:format = '%Y.%m.%d-%H.%M.%S'
> #       shadow:snapdirseverywhere = yes
> 
> ------------------------------------------------------------------------
> 
> 
> Do you have any other ideas ?
> 
> Thank you for your help in any case !
> 
> bye
> Nicola
> 
> 
> 
> 
> On 1/24/21 7:47 PM, Rowland penny via samba wrote:
> > On 24/01/2021 18:26, Nicola Mingotti wrote:
> >>
> >> Thank you for your feedback Rowland.
> >>
> >> I tried as you suggest, both parameters are now in  [global] and I
> >> removed them from [sambaDisk].
> >> Rebooted all machines a few times but unfortunately still it does not
> >> want to work.
> >
> >
> > If you run:
> >
> > ls -lad /mnt/sambaShared/sambaDisk/DiscoS/Borghi
> >
> > and:
> >
> > ls -lad /mnt/discoR/Borghi
> >
> > Do you get a '+' sign after the Unix permissions ?
> >
> > e.g. ls -lad /srv/www/htdocs/testshare
> >
> > drwxrwx---+ 2 root domain users 4096 Oct 28  2019
> > /srv/www/htdocs/testshare
> >
> >  I am assuming 'Borghi' is a directory.
> >
> > Are both the acl and attr packages installed ?
> >
> > Rowland
> >
> >
> >
> >
> >
> 
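
Added example, not part of the original thread: the `tune2fs` check from the reply at the top, written as a small shell helper that parses the "Default mount options:" line and reports which of `acl` / `user_xattr` are missing. The function names and the sample outputs are constructed for illustration; `/dev/XXX1` is the placeholder device used in the message.

```shell
#!/bin/sh
# Added example: check whether an ext filesystem enables POSIX ACLs and
# user xattrs by default, based on the text printed by `tune2fs -l`.

# Print the value of the "Default mount options:" line (tune2fs -l on stdin).
default_mount_opts() {
    sed -n 's/^Default mount options:[[:space:]]*//p'
}

# has_opt "<space separated options>" <name>
# Whole-word match, so "acl" is not satisfied by "noacl" or "cifsacl".
has_opt() {
    for o in $1; do
        [ "$o" = "$2" ] && return 0
    done
    return 1
}

# Read tune2fs -l text on stdin and print the options out of
# {acl, user_xattr} that are NOT enabled by default (empty = all present).
missing_acl_opts() {
    opts=$(default_mount_opts)
    missing=""
    for want in acl user_xattr; do
        has_opt "$opts" "$want" || missing="$missing $want"
    done
    echo $missing
}

# Print one `tune2fs -o` command per missing option for device $1.
suggest_fix() {
    for m in $(missing_acl_opts); do
        echo "tune2fs -o $m $1"
    done
}

# Constructed sample outputs (not taken from the machines in the thread).
SAMPLE_OK='Filesystem features:      has_journal ext_attr
Default mount options:    user_xattr acl
Filesystem state:         clean'
SAMPLE_NONE='Default mount options:    (none)'

# Demo on the constructed sample; real use (as root) would be:
#   tune2fs -l /dev/XXX1 | suggest_fix /dev/XXX1
printf '%s\n' "$SAMPLE_NONE" | suggest_fix /dev/XXX1
```

This only inspects the local filesystem on the server side ('nas'); it says nothing about how the CIFS client mount on 'linte' presents permissions.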




