[Samba] GlusterFS, move files, Samba ACL...

Marco Gaiarin gaio at lilliput.linux.it
Tue Aug 29 13:44:35 UTC 2023 

Mandi! Rowland Penny via samba
  In chel di` si favelave...

>> In samba the share is:
> I wish people wouldn't do this, if you are going to post a share,
> please post the global section as well.

Sorry.

# Global parameters
[global]
	log file = /var/log/samba/log.%M
	map to guest = Bad User
	netbios aliases = CUPSSV FILESV HOMESV
	ntlm auth = mschapv2-and-ntlmv2-only
	panic action = /usr/share/samba/panic-action %d
	printcap name = cups
	realm = AD.FVG.LNF.IT
	security = ADS
	socket options = TCP_NODELAY TCP_KEEPIDLE=240 TCP_KEEPCNT=4 TCP_KEEPINTVL=15
	syslog = 0
	username map = /etc/samba/user.map
	usershare max shares = 0
	winbind offline logon = Yes
	winbind use default domain = Yes
	wins support = Yes
	workgroup = LNFFVG
	spoolss: architecture = Windows x64
	rpc_daemon:spoolssd = fork
	rpc_server:spoolss = external
	idmap config lnffvg : unix_primary_group = yes
	idmap config lnffvg : unix_nss_info = yes
	idmap config lnffvg : schema_mode = rfc2307
	idmap config lnffvg : range = 10000-49999
	idmap config lnffvg : backend = ad
	idmap config * : range = 5000-9999
	idmap config * : backend = tdb

[...]

[FVG]
	comment = Regionale (FVG)
	inherit permissions = Yes
	kernel share modes = No
	map acl inherit = Yes
	path = /
	read only = No
	vfs objects = recycle full_audit glusterfs
	volume = FVG
	full_audit:failure = none
	full_audit:success = mkdir rmdir read pread write pwrite rename unlink
	full_audit:prefix = %S|%d|%I|%M|%u
	recycle:exclude = *.TMP,*.tmp,*.temp,*.o,*.obj,~$*
	recycle:versions = yes
	recycle:keeptree = yes
	recycle:repository = .cestino/%U
	glusterfs:volume = gv0


>>       vfs objects = recycle full_audit glusterfs
> Do you have a 'vfs objects' line in global with 'acl_xattr' in it,
> because if you have, the line above turns it off.

No, i don't have it; as just stated, i'm using direct mapping in XFS POSIX
extended ACL, so i don't need acl_xattr, so it is OK that is disabled.


>> gluster version 3.8.8-1+deb9u1, samba version
>> 4.10.18+dfsg-0.1stretch1 .
> I have to ask, why are you still using Debian stretch ?
> Hasn't anyone told you it is now EOL ?

yes. Life is complex, Rowland....


Anyway, i've not changed the samba configuration, and ACL seems to work as
expected in POSIX environment (eg, user 'gaio' does not open files in
windows, but if i logon to the server, i can safely open it in terminal).


The really strange things are that:

1) only preexistant files have the trouble; if i create a file ex novo, it
 worked.

2) only files are inaccessible, folders works as expected...


And no a single complain on logs, also...

-- 
  Il ministro dei temporali in un tripudio di tromboni
  auspicava democrazia con la tovaglia sulle mani
  e le mani sui coglioni				(F. De Andre`)

More information about the samba mailing list