[Samba] Is it possible to 'getfacl' on a mounted samba share ?
L.P.H. van Belle
belle at bazuin.nl
Mon Jan 25 09:31:32 UTC 2021
Hai Nico,
what does this give you as result on that Nas.
tune2fs -l /dev/XXX1 | grep "Default mount options:"
(change XXX to disk offcourse).
Do you get this back?
Default mount options: user_xattr acl
if not, try tune2fs -o acl /dev/XXX1
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Nicola Mingotti
> via samba
> Verzonden: maandag 25 januari 2021 10:01
> Aan: Rowland penny; sambalist
> Onderwerp: Re: [Samba] Is it possible to 'getfacl' on a mounted samba
> share ?
>
>
> Hi Rowland,
>
> Still it is not working but I can give you some extra info.
>
> . Installed packages
> p at linte> dpkg -l | grep 'acl\|attr' | awk '{print $1,$2," ",$3}'
> ii acl 2.2.53-4
> ii attr 1:2.4.48-4
> ii fonts-quicksand 0.2016-2
> ii libacl1:amd64 2.2.53-4
> ii libattr1:amd64 1:2.4.48-4
> ii python3-xattr 0.9.6-1
> ii spice-client-glib-usb-acl-helper 0.35-2
> ii xattr 0.9.6-1
> => This is a superset of what i see in machine 'nas' so i guess it
> should be fine.
>
> . Do I see the '+' in 'ls' ? No
> p at linte> ls -l /mnt/discoR/Borghi/ | head -n 3
> total 1024
> drwxr-xr-x 2 root root 0 Oct 5 14:49 Applicativi
> drwxr-xr-x 2 root root 0 Dec 7 16:05 Archivio
>
> . The same applies if I do it through a domain user:
> WINDOM\nicola at linte> ls -l /mnt/discoR/Borghi/ | head -n 3
> total 1024
> drwxr-xr-x 2 root root 0 Oct 5 14:49 Applicativi
> drwxr-xr-x 2 root root 0 Dec 7 16:05 Archivio
>
> . But I see the '+' from the machine 'nas'
> p at nas> ls -l /mnt/sambaShared/sambaDisk/DiscoS/Borghi/ | head -n 3
> total 252
> drwxrwx---+ 7 root adm 4096 Oct 5 14:49 Applicativi
> drwxrwx---+ 10 root adm 4096 Dec 7 16:05 Archivio
>
> . I can see the '+' in 'linte' if i define my self a permission there
> also, in that case 'getfacl' works as expected.
> p at linte> cd .
> p at linte> touch test.txt
> p at linte> sudo groupadd testgroup
> p at linte> setfacl -m g:testgroup:000 test.txt
> p at linte> ls -l | grep test.txt
> -rw-r--r--+ 1 p p 0 Jan 25 09:44 test.txt
> p at linte> getfacl test.txt
> # file: test.txt
> # owner: p
> # group: p
> user::rw-
> group::r--
> group:testgroup:---
> mask::r--
> other::r--
>
> . I tried to toggle several parameters in /etc/fstab without success:
> ------- /etc/fstab --------------
> # / was on /dev/vda1 during installation
> UUID=5b450ed1-2951-4a2c-b444-22dc1509a275 / ext4
> user_xattr,acl,errors=remount-ro 0 1
> ...
> # mount disco R
> //nas.borghi.lan/sambaDisk/DiscoS/ /mnt/discoR cifs
> cifsacl,credentials=/usr/local/etc/discoR.credentials 0 0
> ---------------------------------
>
> . For completeness i add the Samba configuration of 'linte' which
> is there just to let 'linte' join the Windows domain at the moment.
> ---------------- /etc/samba/smb.conf -----------------------------------
> [global]
> workgroup = WINDOM
> security = ADS
> realm = WINDOM.BORGHI.LAN
>
> winbind refresh tickets = Yes
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
>
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
>
> # ho un solo dominio, quindi mi conviene non dover digitare sempre
> # user invece di "WINDOM\user"
> # winbind use default domain = yes
>
> # rimuovere dopo il testing
> winbind enum users = yes
> winbind enum groups = yes
>
> # disable printing
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
> # logs
> log file = /var/log/samba/%m.log
> log level = 1
>
> # ---- ID mapping backend rid -------
> # Default ID mapping configuration for local BUILTIN accounts
> # and groups on a domain member. The default (*) domain:
> # - must not overlap with any domain ID mapping configuration!
> # - must use a read-write-enabled back end, such as tdb.
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> # - You must set a DOMAIN backend configuration
> # idmap config for the SAMDOM domain
> idmap config SAMDOM : backend = rid
> idmap config SAMDOM : range = 10000-999999
>
> # Template settings for login shell and home directory
> template shell = /bin/bash
> template homedir = /home/WINDOM-%U
>
> # mappare "Administrator" a "root"
> username map = /usr/local/samba/etc/user.map
>
> # directory che funge da disco in condivisione
> # ok- this is working !
> # [sambaDisk]
> # path = /home/WINDOM-nicola/testSamba
> # read only = no
> # vfs objects = shadow_copy2
> # shadow:snapdir = /home/WINDOM-nicola/snapshots
> # shadow:basedir = /home/WINDOM-nicola/testSamba
> # shadow:sort = desc
>
>
> # [sambaDisk]
> # path = /home/WINDOM-nicola/testSamba
> # read only = no
> # vfs objects = shadow_copy2
> # shadow:mountpoint = /home/WINDOM-nicola/testSamba
> # # richiesto relative se si usa 'snapdirseverywhere'
> # shadow:snapdir = snapshots
> # # shadow:snapdir = /home/WINDOM-nicola/testSamba/snapshots
> # # shadow:basedir = toSnap
> # shadow:sort = desc
> # # shadow:localtime = yes
> # # shadow:format = '%Y.%m.%d-%H.%M.%S'
> # shadow:snapdirseverywhere = yes
>
> ------------------------------------------------------------------------
>
>
> Do you have any other ideas ?
>
> Thank you for your help in any case !
>
> bye
> Nicola
>
>
>
>
> On 1/24/21 7:47 PM, Rowland penny via samba wrote:
> > On 24/01/2021 18:26, Nicola Mingotti wrote:
> >>
> >> Thank you for your feedback Rowland.
> >>
> >> I tried as you suggest, both parameters are now in [global] and I
> >> removed them from [sambaDisk].
> >> Rebooted all machines a few times but unfortunately still it does not
> >> want to work.
> >
> >
> > If you run:
> >
> > ls -lad /mnt/sambaShared/sambaDisk/DiscoS/Borghi
> >
> > and:
> >
> > ls -lad /mnt/discoR/Borghi
> >
> > Do you get a '+' sign after the Unix permissions ?
> >
> > e.g. ls -lad /srv/www/htdocs/testshare
> >
> > drwxrwx---+ 2 root domain users 4096 Oct 28 2019
> > /srv/www/htdocs/testshare
> >
> > I am assuming 'Borghi' is a directory.
> >
> > Are both the acl and attr packages installed ?
> >
> > Rowland
> >
> >
> >
> >
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list