[Samba] GlusterFS, move files, Samba ACL...
gaio at lilliput.linux.it
Tue Aug 29 13:44:35 UTC 2023
Mandi! Rowland Penny via samba
In chel di` si favelave...
>> In samba the share is:
> I wish people wouldn't do this, if you are going to post a share,
> please post the global section as well.
# Global parameters
log file = /var/log/samba/log.%M
map to guest = Bad User
netbios aliases = CUPSSV FILESV HOMESV
ntlm auth = mschapv2-and-ntlmv2-only
panic action = /usr/share/samba/panic-action %d
printcap name = cups
realm = AD.FVG.LNF.IT
security = ADS
socket options = TCP_NODELAY TCP_KEEPIDLE=240 TCP_KEEPCNT=4 TCP_KEEPINTVL=15
syslog = 0
username map = /etc/samba/user.map
usershare max shares = 0
winbind offline logon = Yes
winbind use default domain = Yes
wins support = Yes
workgroup = LNFFVG
spoolss: architecture = Windows x64
rpc_daemon:spoolssd = fork
rpc_server:spoolss = external
idmap config lnffvg : unix_primary_group = yes
idmap config lnffvg : unix_nss_info = yes
idmap config lnffvg : schema_mode = rfc2307
idmap config lnffvg : range = 10000-49999
idmap config lnffvg : backend = ad
idmap config * : range = 5000-9999
idmap config * : backend = tdb
comment = Regionale (FVG)
inherit permissions = Yes
kernel share modes = No
map acl inherit = Yes
path = /
read only = No
vfs objects = recycle full_audit glusterfs
volume = FVG
full_audit:failure = none
full_audit:success = mkdir rmdir read pread write pwrite rename unlink
full_audit:prefix = %S|%d|%I|%M|%u
recycle:exclude = *.TMP,*.tmp,*.temp,*.o,*.obj,~$*
recycle:versions = yes
recycle:keeptree = yes
recycle:repository = .cestino/%U
glusterfs:volume = gv0
>> vfs objects = recycle full_audit glusterfs
> Do you have a 'vfs objects' line in global with 'acl_xattr' in it,
> because if you have, the line above turns it off.
No, i don't have it; as just stated, i'm using direct mapping in XFS POSIX
extended ACL, so i don't need acl_xattr, so it is OK that is disabled.
>> gluster version 3.8.8-1+deb9u1, samba version
>> 4.10.18+dfsg-0.1stretch1 .
> I have to ask, why are you still using Debian stretch ?
> Hasn't anyone told you it is now EOL ?
yes. Life is complex, Rowland....
Anyway, i've not changed the samba configuration, and ACL seems to work as
expected in POSIX environment (eg, user 'gaio' does not open files in
windows, but if i logon to the server, i can safely open it in terminal).
The really strange things are that:
1) only preexistant files have the trouble; if i create a file ex novo, it
2) only files are inaccessible, folders works as expected...
And no a single complain on logs, also...
Il ministro dei temporali in un tripudio di tromboni
auspicava democrazia con la tovaglia sulle mani
e le mani sui coglioni (F. De Andre`)
More information about the samba