[Samba] Is it possible to 'getfacl' on a mounted samba share ?
L.P.H. van Belle
belle at bazuin.nl
Mon Jan 25 09:54:32 UTC 2021
Thats a good catch.
It might that cifs is more outdated on buster.
A reference here on the changes in kernel
https://wiki.samba.org/index.php/LinuxCIFSKernel
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: Nicola Mingotti [mailto:nmingotti at gmail.com]
> Verzonden: maandag 25 januari 2021 10:49
> Aan: L.P.H. van Belle; samba at lists.samba.org
> Onderwerp: Re: [Samba] Is it possible to 'getfacl' on a mounted samba
> share ?
>
>
> Hi Luois,
>
> Going toward the path you suggest I get:
>
> p at linte> mount | grep ' / '
> /dev/vda1 on / type ext4 (rw,relatime,errors=remount-ro)
>
> p at linte> sudo tune2fs -l /dev/vda1 | grep -i defa
> Default mount options: user_xattr acl
> Default directory hash: half_md4
>
> But, then I checked another thing:
>
> p at linte> uname -a
> Linux linte 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28) x86_64
> GNU/Linux
>
> p at nas> uname -a
> Linux nas 4.19.0-12-amd64 #1 SMP Debian 4.19.152-1 (2020-10-18) x86_64
> GNU/Linux
>
> => Given that both systems are Debian stable, it might be that kernel
> 4.19.0-13
> has something broken regarding CIFS.
>
> I am going to try to change the kernel version and see what happens.
>
>
> bye
> Nicola
>
>
> On 1/25/21 10:31 AM, L.P.H. van Belle via samba wrote:
> > Hai Nico,
> >
> > what does this give you as result on that Nas.
> > tune2fs -l /dev/XXX1 | grep "Default mount options:"
> > (change XXX to disk offcourse).
> >
> > Do you get this back?
> > Default mount options: user_xattr acl
> >
> > if not, try tune2fs -o acl /dev/XXX1
> >
> >
> > Greetz,
> >
> > Louis
> >
> >
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Nicola
> Mingotti
> >> via samba
> >> Verzonden: maandag 25 januari 2021 10:01
> >> Aan: Rowland penny; sambalist
> >> Onderwerp: Re: [Samba] Is it possible to 'getfacl' on a mounted samba
> >> share ?
> >>
> >>
> >> Hi Rowland,
> >>
> >> Still it is not working but I can give you some extra info.
> >>
> >> . Installed packages
> >> p at linte> dpkg -l | grep 'acl\|attr' | awk '{print $1,$2," ",$3}'
> >> ii acl 2.2.53-4
> >> ii attr 1:2.4.48-4
> >> ii fonts-quicksand 0.2016-2
> >> ii libacl1:amd64 2.2.53-4
> >> ii libattr1:amd64 1:2.4.48-4
> >> ii python3-xattr 0.9.6-1
> >> ii spice-client-glib-usb-acl-helper 0.35-2
> >> ii xattr 0.9.6-1
> >> => This is a superset of what i see in machine 'nas' so i guess it
> >> should be fine.
> >>
> >> . Do I see the '+' in 'ls' ? No
> >> p at linte> ls -l /mnt/discoR/Borghi/ | head -n 3
> >> total 1024
> >> drwxr-xr-x 2 root root 0 Oct 5 14:49 Applicativi
> >> drwxr-xr-x 2 root root 0 Dec 7 16:05 Archivio
> >>
> >> . The same applies if I do it through a domain user:
> >> WINDOM\nicola at linte> ls -l /mnt/discoR/Borghi/ | head -n 3
> >> total 1024
> >> drwxr-xr-x 2 root root 0 Oct 5 14:49 Applicativi
> >> drwxr-xr-x 2 root root 0 Dec 7 16:05 Archivio
> >>
> >> . But I see the '+' from the machine 'nas'
> >> p at nas> ls -l /mnt/sambaShared/sambaDisk/DiscoS/Borghi/ | head -n 3
> >> total 252
> >> drwxrwx---+ 7 root adm 4096 Oct 5 14:49 Applicativi
> >> drwxrwx---+ 10 root adm 4096 Dec 7 16:05 Archivio
> >>
> >> . I can see the '+' in 'linte' if i define my self a permission there
> >> also, in that case 'getfacl' works as expected.
> >> p at linte> cd .
> >> p at linte> touch test.txt
> >> p at linte> sudo groupadd testgroup
> >> p at linte> setfacl -m g:testgroup:000 test.txt
> >> p at linte> ls -l | grep test.txt
> >> -rw-r--r--+ 1 p p 0 Jan 25 09:44 test.txt
> >> p at linte> getfacl test.txt
> >> # file: test.txt
> >> # owner: p
> >> # group: p
> >> user::rw-
> >> group::r--
> >> group:testgroup:---
> >> mask::r--
> >> other::r--
> >>
> >> . I tried to toggle several parameters in /etc/fstab without success:
> >> ------- /etc/fstab --------------
> >> # / was on /dev/vda1 during installation
> >> UUID=5b450ed1-2951-4a2c-b444-22dc1509a275 / ext4
> >> user_xattr,acl,errors=remount-ro 0 1
> >> ...
> >> # mount disco R
> >> //nas.borghi.lan/sambaDisk/DiscoS/ /mnt/discoR cifs
> >> cifsacl,credentials=/usr/local/etc/discoR.credentials 0 0
> >> ---------------------------------
> >>
> >> . For completeness i add the Samba configuration of 'linte' which
> >> is there just to let 'linte' join the Windows domain at the moment.
> >> ---------------- /etc/samba/smb.conf ----------------------------------
> -
> >> [global]
> >> workgroup = WINDOM
> >> security = ADS
> >> realm = WINDOM.BORGHI.LAN
> >>
> >> winbind refresh tickets = Yes
> >> vfs objects = acl_xattr
> >> map acl inherit = Yes
> >> store dos attributes = Yes
> >>
> >> dedicated keytab file = /etc/krb5.keytab
> >> kerberos method = secrets and keytab
> >>
> >> # ho un solo dominio, quindi mi conviene non dover digitare sempre
> >> # user invece di "WINDOM\user"
> >> # winbind use default domain = yes
> >>
> >> # rimuovere dopo il testing
> >> winbind enum users = yes
> >> winbind enum groups = yes
> >>
> >> # disable printing
> >> load printers = no
> >> printing = bsd
> >> printcap name = /dev/null
> >> disable spoolss = yes
> >>
> >> # logs
> >> log file = /var/log/samba/%m.log
> >> log level = 1
> >>
> >> # ---- ID mapping backend rid -------
> >> # Default ID mapping configuration for local BUILTIN accounts
> >> # and groups on a domain member. The default (*) domain:
> >> # - must not overlap with any domain ID mapping configuration!
> >> # - must use a read-write-enabled back end, such as tdb.
> >> idmap config * : backend = tdb
> >> idmap config * : range = 3000-7999
> >> # - You must set a DOMAIN backend configuration
> >> # idmap config for the SAMDOM domain
> >> idmap config SAMDOM : backend = rid
> >> idmap config SAMDOM : range = 10000-999999
> >>
> >> # Template settings for login shell and home directory
> >> template shell = /bin/bash
> >> template homedir = /home/WINDOM-%U
> >>
> >> # mappare "Administrator" a "root"
> >> username map = /usr/local/samba/etc/user.map
> >>
> >> # directory che funge da disco in condivisione
> >> # ok- this is working !
> >> # [sambaDisk]
> >> # path = /home/WINDOM-nicola/testSamba
> >> # read only = no
> >> # vfs objects = shadow_copy2
> >> # shadow:snapdir = /home/WINDOM-nicola/snapshots
> >> # shadow:basedir = /home/WINDOM-nicola/testSamba
> >> # shadow:sort = desc
> >>
> >>
> >> # [sambaDisk]
> >> # path = /home/WINDOM-nicola/testSamba
> >> # read only = no
> >> # vfs objects = shadow_copy2
> >> # shadow:mountpoint = /home/WINDOM-nicola/testSamba
> >> # # richiesto relative se si usa 'snapdirseverywhere'
> >> # shadow:snapdir = snapshots
> >> # # shadow:snapdir = /home/WINDOM-nicola/testSamba/snapshots
> >> # # shadow:basedir = toSnap
> >> # shadow:sort = desc
> >> # # shadow:localtime = yes
> >> # # shadow:format = '%Y.%m.%d-%H.%M.%S'
> >> # shadow:snapdirseverywhere = yes
> >>
> >> -----------------------------------------------------------------------
> -
> >>
> >>
> >> Do you have any other ideas ?
> >>
> >> Thank you for your help in any case !
> >>
> >> bye
> >> Nicola
> >>
> >>
> >>
> >>
> >> On 1/24/21 7:47 PM, Rowland penny via samba wrote:
> >>> On 24/01/2021 18:26, Nicola Mingotti wrote:
> >>>> Thank you for your feedback Rowland.
> >>>>
> >>>> I tried as you suggest, both parameters are now in [global] and I
> >>>> removed them from [sambaDisk].
> >>>> Rebooted all machines a few times but unfortunately still it does not
> >>>> want to work.
> >>>
> >>> If you run:
> >>>
> >>> ls -lad /mnt/sambaShared/sambaDisk/DiscoS/Borghi
> >>>
> >>> and:
> >>>
> >>> ls -lad /mnt/discoR/Borghi
> >>>
> >>> Do you get a '+' sign after the Unix permissions ?
> >>>
> >>> e.g. ls -lad /srv/www/htdocs/testshare
> >>>
> >>> drwxrwx---+ 2 root domain users 4096 Oct 28 2019
> >>> /srv/www/htdocs/testshare
> >>>
> >>> I am assuming 'Borghi' is a directory.
> >>>
> >>> Are both the acl and attr packages installed ?
> >>>
> >>> Rowland
> >>>
> >>>
> >>>
> >>>
> >>>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba
> >
> >
More information about the samba
mailing list