[Samba] GlusterFS, move files, Samba ACL...
rpenny at samba.org
Tue Aug 29 16:08:25 UTC 2023
On Tue, 29 Aug 2023 15:44:35 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! Rowland Penny via samba
> In chel di` si favelave...
> >> In samba the share is:
> > I wish people wouldn't do this, if you are going to post a share,
> > please post the global section as well.
> # Global parameters
> log file = /var/log/samba/log.%M
> map to guest = Bad User
> netbios aliases = CUPSSV FILESV HOMESV
> ntlm auth = mschapv2-and-ntlmv2-only
> panic action = /usr/share/samba/panic-action %d
> printcap name = cups
> realm = AD.FVG.LNF.IT
> security = ADS
> socket options = TCP_NODELAY TCP_KEEPIDLE=240 TCP_KEEPCNT=4
> TCP_KEEPINTVL=15 syslog = 0
> username map = /etc/samba/user.map
> usershare max shares = 0
> winbind offline logon = Yes
> winbind use default domain = Yes
> wins support = Yes
> workgroup = LNFFVG
> spoolss: architecture = Windows x64
> rpc_daemon:spoolssd = fork
> rpc_server:spoolss = external
> idmap config lnffvg : unix_primary_group = yes
> idmap config lnffvg : unix_nss_info = yes
> idmap config lnffvg : schema_mode = rfc2307
> idmap config lnffvg : range = 10000-49999
> idmap config lnffvg : backend = ad
> idmap config * : range = 5000-9999
> idmap config * : backend = tdb
> comment = Regionale (FVG)
> inherit permissions = Yes
> kernel share modes = No
> map acl inherit = Yes
> path = /
> read only = No
> vfs objects = recycle full_audit glusterfs
> volume = FVG
> full_audit:failure = none
> full_audit:success = mkdir rmdir read pread write pwrite
> rename unlink full_audit:prefix = %S|%d|%I|%M|%u
> recycle:exclude = *.TMP,*.tmp,*.temp,*.o,*.obj,~$*
> recycle:versions = yes
> recycle:keeptree = yes
> recycle:repository = .cestino/%U
> glusterfs:volume = gv0
> >> vfs objects = recycle full_audit glusterfs
> > Do you have a 'vfs objects' line in global with 'acl_xattr' in it,
> > because if you have, the line above turns it off.
> No, i don't have it; as just stated, i'm using direct mapping in XFS
> POSIX extended ACL, so i don't need acl_xattr, so it is OK that is
Gluster and XFS might be using the POSIX extended ACL, but does Samba
know anything about them ? I do not know, having never used XFS, But I
doubt if Samba does know and use them.
> >> gluster version 3.8.8-1+deb9u1, samba version
> >> 4.10.18+dfsg-0.1stretch1 .
> > I have to ask, why are you still using Debian stretch ?
> > Hasn't anyone told you it is now EOL ?
> yes. Life is complex, Rowland....
Ye, life is very complex, but not that complex that you cannot realise
that upgrading might be a good idea. If you upgrade to Bookworm, you
will get glusterfs 10.3-5 and Samba 4.17.10 , both rather large jumps.
However, it is your setup and you can do as you please, I can only
make suggestions ;-)
> Anyway, i've not changed the samba configuration, and ACL seems to
> work as expected in POSIX environment (eg, user 'gaio' does not open
> files in windows, but if i logon to the server, i can safely open it
> in terminal).
> The really strange things are that:
> 1) only preexistant files have the trouble; if i create a file ex
> novo, it worked.
> 2) only files are inaccessible, folders works as expected...
> And no a single complain on logs, also...
This seems to point to the old files not having something that the new
files are getting, try comparing all the permissions of and old file
with a new one.
More information about the samba