Stefan G. Weichinger
2018-Aug-28 14:37 UTC
[Samba] Renaming a folder while other smbd-users have files opened
A rather basic issue, but very important -> the following happened to me today: samba-4.8.3 on a debian stretch machine, AD-domain-member share: [daten] comment = Daten create mask = 0775 directory mask = 02775 force directory mode = 0775 path = /mnt/samba/ read only = No veto oplock files = /*.DAT/*.dat/ situation: More than 10 users have files open in there, doing their work mostly inside the subfolder \\server\daten\Daten (yes, ugly path ... anyway) "user11" incidentally clicks "rename" on that folder "Daten", deletes the whole name in the process, doesn't *remember* that it was "Daten" and types "Klienten" (german for "clients", doesn't matter here, just to be precise), hits OK or Save or whatever. Unfortunately that *works* while hundreds of files are opened by others, resulting in dozens of processes hanging ... and leads to an urgency call to yours truly. (I killed all the samba-processes, stopped them, moved the files back and restarted ... ) question: why does that work? why isn't that blocked/forbidden/not allowed? Do we miss something, could it be regulated better by setting ACLs or so? For sure I plan to upgrade to 4.8.5 asap, but I assume that the above topic is not a bug-related-behavior. Stefan
Ralph Böhme
2018-Aug-28 16:16 UTC
[Samba] Renaming a folder while other smbd-users have files opened
On Tue, Aug 28, 2018 at 04:37:51PM +0200, Stefan G. Weichinger via samba wrote:>why does that work? why isn't that blocked/forbidden/not allowed?because you didn't know of the "strict rename" parameter which defaults to false for reasons explained in the manpage. :) -slow -- Ralph Boehme, Samba Team https://samba.org/ Samba Developer, SerNet GmbH https://sernet.de/en/samba/ GPG Key Fingerprint: FAE2 C608 8A24 2520 51C5 59E4 AA1E 9B71 2639 9E46
Stefan G. Weichinger
2018-Aug-28 16:41 UTC
[Samba] Renaming a folder while other smbd-users have files opened
Am 28.08.18 um 18:16 schrieb Ralph Böhme:> On Tue, Aug 28, 2018 at 04:37:51PM +0200, Stefan G. Weichinger via samba > wrote: >> why does that work? why isn't that blocked/forbidden/not allowed? > > because you didn't know of the "strict rename" parameter which defaults > to false for reasons explained in the manpage. :)thanks for the pointer, read the section right now and it sounds valid ... although I still wonder if I can avoid having users do that by setting ACLs? Is it possible to allow them read/write "Daten/client[abc]" but not rename "Daten", for example? It happened for the first time since over 16 yrs or so, to be fair ;-)