[Samba] Is it possible to 'getfacl' on a mounted samba share ?
Nicola Mingotti
nmingotti at gmail.com
Mon Jan 25 09:49:17 UTC 2021
Hi Luois,
Going toward the path you suggest I get:
p at linte> mount | grep ' / '
/dev/vda1 on / type ext4 (rw,relatime,errors=remount-ro)
p at linte> sudo tune2fs -l /dev/vda1 | grep -i defa
Default mount options: user_xattr acl
Default directory hash: half_md4
But, then I checked another thing:
p at linte> uname -a
Linux linte 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28) x86_64
GNU/Linux
p at nas> uname -a
Linux nas 4.19.0-12-amd64 #1 SMP Debian 4.19.152-1 (2020-10-18) x86_64
GNU/Linux
=> Given that both systems are Debian stable, it might be that kernel
4.19.0-13
has something broken regarding CIFS.
I am going to try to change the kernel version and see what happens.
bye
Nicola
On 1/25/21 10:31 AM, L.P.H. van Belle via samba wrote:
> Hai Nico,
>
> what does this give you as result on that Nas.
> tune2fs -l /dev/XXX1 | grep "Default mount options:"
> (change XXX to disk offcourse).
>
> Do you get this back?
> Default mount options: user_xattr acl
>
> if not, try tune2fs -o acl /dev/XXX1
>
>
> Greetz,
>
> Louis
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Nicola Mingotti
>> via samba
>> Verzonden: maandag 25 januari 2021 10:01
>> Aan: Rowland penny; sambalist
>> Onderwerp: Re: [Samba] Is it possible to 'getfacl' on a mounted samba
>> share ?
>>
>>
>> Hi Rowland,
>>
>> Still it is not working but I can give you some extra info.
>>
>> . Installed packages
>> p at linte> dpkg -l | grep 'acl\|attr' | awk '{print $1,$2," ",$3}'
>> ii acl 2.2.53-4
>> ii attr 1:2.4.48-4
>> ii fonts-quicksand 0.2016-2
>> ii libacl1:amd64 2.2.53-4
>> ii libattr1:amd64 1:2.4.48-4
>> ii python3-xattr 0.9.6-1
>> ii spice-client-glib-usb-acl-helper 0.35-2
>> ii xattr 0.9.6-1
>> => This is a superset of what i see in machine 'nas' so i guess it
>> should be fine.
>>
>> . Do I see the '+' in 'ls' ? No
>> p at linte> ls -l /mnt/discoR/Borghi/ | head -n 3
>> total 1024
>> drwxr-xr-x 2 root root 0 Oct 5 14:49 Applicativi
>> drwxr-xr-x 2 root root 0 Dec 7 16:05 Archivio
>>
>> . The same applies if I do it through a domain user:
>> WINDOM\nicola at linte> ls -l /mnt/discoR/Borghi/ | head -n 3
>> total 1024
>> drwxr-xr-x 2 root root 0 Oct 5 14:49 Applicativi
>> drwxr-xr-x 2 root root 0 Dec 7 16:05 Archivio
>>
>> . But I see the '+' from the machine 'nas'
>> p at nas> ls -l /mnt/sambaShared/sambaDisk/DiscoS/Borghi/ | head -n 3
>> total 252
>> drwxrwx---+ 7 root adm 4096 Oct 5 14:49 Applicativi
>> drwxrwx---+ 10 root adm 4096 Dec 7 16:05 Archivio
>>
>> . I can see the '+' in 'linte' if i define my self a permission there
>> also, in that case 'getfacl' works as expected.
>> p at linte> cd .
>> p at linte> touch test.txt
>> p at linte> sudo groupadd testgroup
>> p at linte> setfacl -m g:testgroup:000 test.txt
>> p at linte> ls -l | grep test.txt
>> -rw-r--r--+ 1 p p 0 Jan 25 09:44 test.txt
>> p at linte> getfacl test.txt
>> # file: test.txt
>> # owner: p
>> # group: p
>> user::rw-
>> group::r--
>> group:testgroup:---
>> mask::r--
>> other::r--
>>
>> . I tried to toggle several parameters in /etc/fstab without success:
>> ------- /etc/fstab --------------
>> # / was on /dev/vda1 during installation
>> UUID=5b450ed1-2951-4a2c-b444-22dc1509a275 / ext4
>> user_xattr,acl,errors=remount-ro 0 1
>> ...
>> # mount disco R
>> //nas.borghi.lan/sambaDisk/DiscoS/ /mnt/discoR cifs
>> cifsacl,credentials=/usr/local/etc/discoR.credentials 0 0
>> ---------------------------------
>>
>> . For completeness i add the Samba configuration of 'linte' which
>> is there just to let 'linte' join the Windows domain at the moment.
>> ---------------- /etc/samba/smb.conf -----------------------------------
>> [global]
>> workgroup = WINDOM
>> security = ADS
>> realm = WINDOM.BORGHI.LAN
>>
>> winbind refresh tickets = Yes
>> vfs objects = acl_xattr
>> map acl inherit = Yes
>> store dos attributes = Yes
>>
>> dedicated keytab file = /etc/krb5.keytab
>> kerberos method = secrets and keytab
>>
>> # ho un solo dominio, quindi mi conviene non dover digitare sempre
>> # user invece di "WINDOM\user"
>> # winbind use default domain = yes
>>
>> # rimuovere dopo il testing
>> winbind enum users = yes
>> winbind enum groups = yes
>>
>> # disable printing
>> load printers = no
>> printing = bsd
>> printcap name = /dev/null
>> disable spoolss = yes
>>
>> # logs
>> log file = /var/log/samba/%m.log
>> log level = 1
>>
>> # ---- ID mapping backend rid -------
>> # Default ID mapping configuration for local BUILTIN accounts
>> # and groups on a domain member. The default (*) domain:
>> # - must not overlap with any domain ID mapping configuration!
>> # - must use a read-write-enabled back end, such as tdb.
>> idmap config * : backend = tdb
>> idmap config * : range = 3000-7999
>> # - You must set a DOMAIN backend configuration
>> # idmap config for the SAMDOM domain
>> idmap config SAMDOM : backend = rid
>> idmap config SAMDOM : range = 10000-999999
>>
>> # Template settings for login shell and home directory
>> template shell = /bin/bash
>> template homedir = /home/WINDOM-%U
>>
>> # mappare "Administrator" a "root"
>> username map = /usr/local/samba/etc/user.map
>>
>> # directory che funge da disco in condivisione
>> # ok- this is working !
>> # [sambaDisk]
>> # path = /home/WINDOM-nicola/testSamba
>> # read only = no
>> # vfs objects = shadow_copy2
>> # shadow:snapdir = /home/WINDOM-nicola/snapshots
>> # shadow:basedir = /home/WINDOM-nicola/testSamba
>> # shadow:sort = desc
>>
>>
>> # [sambaDisk]
>> # path = /home/WINDOM-nicola/testSamba
>> # read only = no
>> # vfs objects = shadow_copy2
>> # shadow:mountpoint = /home/WINDOM-nicola/testSamba
>> # # richiesto relative se si usa 'snapdirseverywhere'
>> # shadow:snapdir = snapshots
>> # # shadow:snapdir = /home/WINDOM-nicola/testSamba/snapshots
>> # # shadow:basedir = toSnap
>> # shadow:sort = desc
>> # # shadow:localtime = yes
>> # # shadow:format = '%Y.%m.%d-%H.%M.%S'
>> # shadow:snapdirseverywhere = yes
>>
>> ------------------------------------------------------------------------
>>
>>
>> Do you have any other ideas ?
>>
>> Thank you for your help in any case !
>>
>> bye
>> Nicola
>>
>>
>>
>>
>> On 1/24/21 7:47 PM, Rowland penny via samba wrote:
>>> On 24/01/2021 18:26, Nicola Mingotti wrote:
>>>> Thank you for your feedback Rowland.
>>>>
>>>> I tried as you suggest, both parameters are now in [global] and I
>>>> removed them from [sambaDisk].
>>>> Rebooted all machines a few times but unfortunately still it does not
>>>> want to work.
>>>
>>> If you run:
>>>
>>> ls -lad /mnt/sambaShared/sambaDisk/DiscoS/Borghi
>>>
>>> and:
>>>
>>> ls -lad /mnt/discoR/Borghi
>>>
>>> Do you get a '+' sign after the Unix permissions ?
>>>
>>> e.g. ls -lad /srv/www/htdocs/testshare
>>>
>>> drwxrwx---+ 2 root domain users 4096 Oct 28 2019
>>> /srv/www/htdocs/testshare
>>>
>>> I am assuming 'Borghi' is a directory.
>>>
>>> Are both the acl and attr packages installed ?
>>>
>>> Rowland
>>>
>>>
>>>
>>>
>>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list