[Samba] Is it possible to 'getfacl' on a mounted samba share ?

Nicola Mingotti nmingotti at gmail.com
Mon Jan 25 09:49:17 UTC 2021 

Hi Luois,

Going toward the path you suggest I get:

p at linte> mount | grep ' / '
/dev/vda1 on / type ext4 (rw,relatime,errors=remount-ro)

p at linte> sudo tune2fs -l /dev/vda1  | grep -i defa
Default mount options:    user_xattr acl
Default directory hash:   half_md4

But, then I checked another thing:

p at linte> uname -a
Linux linte 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28) x86_64 
GNU/Linux

p at nas> uname -a
Linux nas 4.19.0-12-amd64 #1 SMP Debian 4.19.152-1 (2020-10-18) x86_64 
GNU/Linux

=> Given that both systems are Debian stable, it might be that kernel 
4.19.0-13
has something broken regarding CIFS.

I am going to try to change the kernel version and see what happens.


bye
Nicola


On 1/25/21 10:31 AM, L.P.H. van Belle via samba wrote:
> Hai Nico,
>
> what does this give you as result on that Nas.
> tune2fs -l /dev/XXX1  | grep "Default mount options:"
> (change XXX to disk offcourse).
>
> Do you get this back?
> Default mount options:    user_xattr acl
>
> if not, try tune2fs -o acl /dev/XXX1
>
>
> Greetz,
>
> Louis
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Nicola Mingotti
>> via samba
>> Verzonden: maandag 25 januari 2021 10:01
>> Aan: Rowland penny; sambalist
>> Onderwerp: Re: [Samba] Is it possible to 'getfacl' on a mounted samba
>> share ?
>>
>>
>> Hi Rowland,
>>
>> Still it is not working but I can give you some extra info.
>>
>> . Installed packages
>> p at linte> dpkg -l | grep 'acl\|attr' | awk '{print $1,$2," ",$3}'
>> ii acl      2.2.53-4
>> ii attr      1:2.4.48-4
>> ii fonts-quicksand      0.2016-2
>> ii libacl1:amd64      2.2.53-4
>> ii libattr1:amd64      1:2.4.48-4
>> ii python3-xattr      0.9.6-1
>> ii spice-client-glib-usb-acl-helper      0.35-2
>> ii xattr      0.9.6-1
>> => This is a superset of what i see in machine 'nas' so i guess it
>> should be fine.
>>
>> . Do I see the '+' in 'ls' ? No
>> p at linte> ls -l /mnt/discoR/Borghi/ | head -n 3
>> total 1024
>> drwxr-xr-x 2 root root      0 Oct  5 14:49 Applicativi
>> drwxr-xr-x 2 root root      0 Dec  7 16:05 Archivio
>>
>> . The same applies if I do it through a domain user:
>> WINDOM\nicola at linte> ls -l /mnt/discoR/Borghi/ | head -n 3
>> total 1024
>> drwxr-xr-x 2 root root      0 Oct  5 14:49 Applicativi
>> drwxr-xr-x 2 root root      0 Dec  7 16:05 Archivio
>>
>> . But I see the '+' from the machine 'nas'
>> p at nas> ls -l /mnt/sambaShared/sambaDisk/DiscoS/Borghi/ | head -n 3
>> total 252
>> drwxrwx---+  7 root adm    4096 Oct  5 14:49 Applicativi
>> drwxrwx---+ 10 root adm    4096 Dec  7 16:05 Archivio
>>
>> . I can see the '+' in 'linte' if i define my self a permission there
>>     also, in that case 'getfacl' works as expected.
>> p at linte> cd .
>> p at linte> touch test.txt
>> p at linte> sudo groupadd testgroup
>> p at linte> setfacl -m g:testgroup:000 test.txt
>> p at linte> ls -l | grep test.txt
>> -rw-r--r--+ 1 p p    0 Jan 25 09:44 test.txt
>> p at linte> getfacl test.txt
>> # file: test.txt
>> # owner: p
>> # group: p
>> user::rw-
>> group::r--
>> group:testgroup:---
>> mask::r--
>> other::r--
>>
>> . I tried to toggle several parameters in /etc/fstab without success:
>> ------- /etc/fstab --------------
>> # / was on /dev/vda1 during installation
>> UUID=5b450ed1-2951-4a2c-b444-22dc1509a275 / ext4
>> user_xattr,acl,errors=remount-ro 0       1
>> ...
>> # mount disco R
>> //nas.borghi.lan/sambaDisk/DiscoS/    /mnt/discoR   cifs
>> cifsacl,credentials=/usr/local/etc/discoR.credentials    0    0
>> ---------------------------------
>>
>> . For completeness i add the Samba configuration of 'linte' which
>>     is there just to let 'linte' join the Windows domain at the moment.
>> ---------------- /etc/samba/smb.conf -----------------------------------
>> [global]
>>      workgroup = WINDOM
>>      security = ADS
>>      realm = WINDOM.BORGHI.LAN
>>
>>      winbind refresh tickets = Yes
>>      vfs objects = acl_xattr
>>      map acl inherit = Yes
>>      store dos attributes = Yes
>>
>>      dedicated keytab file = /etc/krb5.keytab
>>      kerberos method = secrets and keytab
>>
>>      # ho un solo dominio, quindi mi conviene non dover digitare sempre
>>      # user invece di "WINDOM\user"
>>      # winbind use default domain = yes
>>
>>      # rimuovere dopo il testing
>>      winbind enum users = yes
>>      winbind enum groups = yes
>>
>>      # disable printing
>>      load printers = no
>>      printing = bsd
>>      printcap name = /dev/null
>>      disable spoolss = yes
>>
>>      # logs
>>      log file = /var/log/samba/%m.log
>>      log level = 1
>>
>>      # ---- ID mapping backend rid -------
>>      # Default ID mapping configuration for local BUILTIN accounts
>>      # and groups on a domain member. The default (*) domain:
>>      # - must not overlap with any domain ID mapping configuration!
>>      # - must use a read-write-enabled back end, such as tdb.
>>      idmap config * : backend = tdb
>>      idmap config * : range = 3000-7999
>>      # - You must set a DOMAIN backend configuration
>>      # idmap config for the SAMDOM domain
>>      idmap config SAMDOM : backend = rid
>>      idmap config SAMDOM : range = 10000-999999
>>
>>      # Template settings for login shell and home directory
>>      template shell = /bin/bash
>>      template homedir = /home/WINDOM-%U
>>
>>      # mappare "Administrator" a "root"
>>      username map = /usr/local/samba/etc/user.map
>>
>> # directory che funge da disco in condivisione
>> # ok- this is working !
>> # [sambaDisk]
>> #       path = /home/WINDOM-nicola/testSamba
>> #       read only = no
>> #       vfs objects = shadow_copy2
>> #       shadow:snapdir = /home/WINDOM-nicola/snapshots
>> #       shadow:basedir = /home/WINDOM-nicola/testSamba
>> #       shadow:sort = desc
>>
>>
>> # [sambaDisk]
>> #       path = /home/WINDOM-nicola/testSamba
>> #       read only = no
>> #       vfs objects = shadow_copy2
>> #       shadow:mountpoint = /home/WINDOM-nicola/testSamba
>> #       # richiesto relative se si usa 'snapdirseverywhere'
>> #       shadow:snapdir = snapshots
>> #       # shadow:snapdir = /home/WINDOM-nicola/testSamba/snapshots
>> #       # shadow:basedir = toSnap
>> #       shadow:sort = desc
>> #       # shadow:localtime = yes
>> #       # shadow:format = '%Y.%m.%d-%H.%M.%S'
>> #       shadow:snapdirseverywhere = yes
>>
>> ------------------------------------------------------------------------
>>
>>
>> Do you have any other ideas ?
>>
>> Thank you for your help in any case !
>>
>> bye
>> Nicola
>>
>>
>>
>>
>> On 1/24/21 7:47 PM, Rowland penny via samba wrote:
>>> On 24/01/2021 18:26, Nicola Mingotti wrote:
>>>> Thank you for your feedback Rowland.
>>>>
>>>> I tried as you suggest, both parameters are now in  [global] and I
>>>> removed them from [sambaDisk].
>>>> Rebooted all machines a few times but unfortunately still it does not
>>>> want to work.
>>>
>>> If you run:
>>>
>>> ls -lad /mnt/sambaShared/sambaDisk/DiscoS/Borghi
>>>
>>> and:
>>>
>>> ls -lad /mnt/discoR/Borghi
>>>
>>> Do you get a '+' sign after the Unix permissions ?
>>>
>>> e.g. ls -lad /srv/www/htdocs/testshare
>>>
>>> drwxrwx---+ 2 root domain users 4096 Oct 28  2019
>>> /srv/www/htdocs/testshare
>>>
>>>   I am assuming 'Borghi' is a directory.
>>>
>>> Are both the acl and attr packages installed ?
>>>
>>> Rowland
>>>
>>>
>>>
>>>
>>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list