samba - Jul 2020 - Samba-4.10.4 strange behaviour

Hello All,

I'm new to the list and I don't have much of experience with samba.

I have a test setup on CentOS 7.8 with samba-4.10.4 and samba-vfs-glusterfs .
When my client mounts the samba share via vers=1.0 , the user sees the share
properly (uid,gid,mode are just like on gluster). When the share is mounted with
vers=2.0 or not specified (anything higher) the files are owned by root/root and
can't be changed (even by root).

Here is a short summary:

Packages:
samba-4.10.4-11.el7_8.x86_64
samba-client-libs-4.10.4-11.el7_8.x86_64
samba-common-4.10.4-11.el7_8.noarch
samba-common-libs-4.10.4-11.el7_8.x86_64
samba-common-tools-4.10.4-11.el7_8.x86_64
samba-libs-4.10.4-11.el7_8.x86_64
samba-vfs-glusterfs-4.10.4-11.el7_8.x86_64


TESTPARM:

# Global parameters
[global]
??????? printcap name = cups
??????? security = USER
??????? workgroup = SAMBA
??????? idmap config * : backend = tdb
??????? cups options = raw


[homes]
??????? browseable = No
??????? comment = Home Directories
??????? inherit acls = Yes
??????? read only = No
??????? valid users = %S %D%w%S


[printers]
??????? browseable = No
??????? comment = All Printers
??????? create mask = 0600
??????? path = /var/tmp
??????? printable = Yes


[print$]
??????? comment = Printer Drivers
??????? create mask = 0664
??????? directory mask = 0775
??????? force group = @printadmin
??????? path = /var/lib/samba/drivers
??????? write list = @printadmin root


[gluster-replicate]
??????? comment = For samba share of volume replicate
??????? guest ok = Yes
??????? inherit acls = Yes
??????? kernel share modes = No
??????? path = /
??????? read only = No
??????? vfs objects = glusterfs
??????? glusterfs:loglevel = 7
??????? glusterfs:logfile = /var/log/samba/glusterfs-replicate.%M.log
??????? glusterfs:volume = replicate

Shares ownership:
[root at servera ~]# mount -t cifs //servera/gluster-replicate /mnt -o
user=smbuser
Password for smbuser@//servera/gluster-replicate:? ***
[root at servera ~]# ls -l /mnt
???? 9
drwxr-xr-x. 2 root root 0? 1 ??? 18,42 test
-rwxr-xr-x. 1 root root 4? 1 ??? 18,49 test12
-rwxr-xr-x. 1 root root 9? 1 ??? 18,51 test12345
drwxr-xr-x. 2 root root 0? 1 ??? 18,49 test35
[root at servera ~]# umount /mnt
[root at servera ~]# mount -t cifs //servera/gluster-replicate /mnt -o
user=smbuser,vers=1.0
Password for smbuser@//servera/gluster-replicate:? ***
[root at servera ~]# ls -l /mnt
???? 9
drwxrwsrwx. 2 smbuser smbuser 4096? 1 ??? 18,42 test
-rw-r--r--. 1 smbuser smbuser??? 4? 1 ??? 18,49 test12
-rw-r--r--. 1 smbuser smbuser??? 9? 1 ??? 18,51 test12345
drwxr-sr-x. 2 smbuser smbuser 4096? 1 ??? 18,49 test35
[root at servera ~]# umount /mnt
[root at servera ~]# mount -t glusterfs -o acl servera:/replicate /mnt
[root at servera ~]# ls -l /mnt
???? 9
drwxrwsrwx. 2 smbuser smbuser 4096? 1 ??? 18,42 test
-rw-r--r--. 1 smbuser smbuser??? 4? 1 ??? 18,49 test12
-rw-r--r--. 1 smbuser smbuser??? 9? 1 ??? 18,51 test12345
drwxr-sr-x. 2 smbuser smbuser 4096? 1 ??? 18,49 test35
[root at servera ~]#


I'm pretty sure I'm missing something , but I have no idea what it is.
Any ideas why the share is viewable as "root" will be highly
appreciated.


Thanks in advance.

Best Regards,
Strahil NIkolov

Dear Strahil,

please find my current settings below:


[global]
 ??????? netbios name = yourName
 ??????? workgroup = yourWorkgroup
 ??????? realm = YourRealm
 ??????? log file = /var/log/samba/log.%m
 ??????? max log size = 50
 ??????? security = ads

 ??????? clustering = yes

 ??? ??? max protocol = SMB3
 ? ? ?? ? kernel share modes = no
 ?? ? ? ? kernel change notify = no

 ??????? kernel oplocks = no
 ??????? posix locking = no

 ??????? map archive = no
 ??????? map hidden = no
 ??????? map read only = no
 ??????? map system = no
 ??????? store dos attributes = yes


 ??????? idmap config * : backend = autorid
 ??????? idmap config * : range = 1000000-19999999
 ??????? idmap config * : rangesize = 1000000
 ??????? include = /etc/samba/ctdb.conf
 ??????? fruit:aapl = yes
 ??????? ea support = yes

 ??? # it turns out that using SMB1 via linux/rsync
 ??? # is leading to wrong permissions in our case
 ??? min protocol = SMB2

[gluster-replicated]
 ??? comment  ??? vfs objects = fruit streams_xattr glusterfs
 ??? glusterfs:volume = yourGlusterVolume
 ??? glusterfs:logfile = /var/log/samba/yourLog.log
 ??? glusterfs:loglevel = 1
 ??? inherit acls = yes
 ??? path = /
 ??? read only = no
 ??? guest ok = no


Please let me know if this works for you.


Regards,

Felix

On 01/07/2020 18:08, Strahil Nikolov via samba wrote:
> Hello All,
>
> I'm new to the list and I don't have much of experience with samba.
>
> I have a test setup on CentOS 7.8 with samba-4.10.4 and samba-vfs-glusterfs
.
> When my client mounts the samba share via vers=1.0 , the user sees the
share properly (uid,gid,mode are just like on gluster). When the share is
mounted with vers=2.0 or not specified (anything higher) the files are owned by
root/root and can't be changed (even by root).
>
> Here is a short summary:
>
> Packages:
> samba-4.10.4-11.el7_8.x86_64
> samba-client-libs-4.10.4-11.el7_8.x86_64
> samba-common-4.10.4-11.el7_8.noarch
> samba-common-libs-4.10.4-11.el7_8.x86_64
> samba-common-tools-4.10.4-11.el7_8.x86_64
> samba-libs-4.10.4-11.el7_8.x86_64
> samba-vfs-glusterfs-4.10.4-11.el7_8.x86_64
>
>
> TESTPARM:
>
> # Global parameters
> [global]
>  ??????? printcap name = cups
>  ??????? security = USER
>  ??????? workgroup = SAMBA
>  ??????? idmap config * : backend = tdb
>  ??????? cups options = raw
>
>
> [homes]
>  ??????? browseable = No
>  ??????? comment = Home Directories
>  ??????? inherit acls = Yes
>  ??????? read only = No
>  ??????? valid users = %S %D%w%S
>
>
> [printers]
>  ??????? browseable = No
>  ??????? comment = All Printers
>  ??????? create mask = 0600
>  ??????? path = /var/tmp
>  ??????? printable = Yes
>
>
> [print$]
>  ??????? comment = Printer Drivers
>  ??????? create mask = 0664
>  ??????? directory mask = 0775
>  ??????? force group = @printadmin
>  ??????? path = /var/lib/samba/drivers
>  ??????? write list = @printadmin root
>
>
> [gluster-replicate]
>  ??????? comment = For samba share of volume replicate
>  ??????? guest ok = Yes
>  ??????? inherit acls = Yes
>  ??????? kernel share modes = No
>  ??????? path = /
>  ??????? read only = No
>  ??????? vfs objects = glusterfs
>  ??????? glusterfs:loglevel = 7
>  ??????? glusterfs:logfile = /var/log/samba/glusterfs-replicate.%M.log
>  ??????? glusterfs:volume = replicate
>
> Shares ownership:
> [root at servera ~]# mount -t cifs //servera/gluster-replicate /mnt -o
user=smbuser
> Password for smbuser@//servera/gluster-replicate:? ***
> [root at servera ~]# ls -l /mnt
> ???? 9
> drwxr-xr-x. 2 root root 0? 1 ??? 18,42 test
> -rwxr-xr-x. 1 root root 4? 1 ??? 18,49 test12
> -rwxr-xr-x. 1 root root 9? 1 ??? 18,51 test12345
> drwxr-xr-x. 2 root root 0? 1 ??? 18,49 test35
> [root at servera ~]# umount /mnt
> [root at servera ~]# mount -t cifs //servera/gluster-replicate /mnt -o
user=smbuser,vers=1.0
> Password for smbuser@//servera/gluster-replicate:? ***
> [root at servera ~]# ls -l /mnt
> ???? 9
> drwxrwsrwx. 2 smbuser smbuser 4096? 1 ??? 18,42 test
> -rw-r--r--. 1 smbuser smbuser??? 4? 1 ??? 18,49 test12
> -rw-r--r--. 1 smbuser smbuser??? 9? 1 ??? 18,51 test12345
> drwxr-sr-x. 2 smbuser smbuser 4096? 1 ??? 18,49 test35
> [root at servera ~]# umount /mnt
> [root at servera ~]# mount -t glusterfs -o acl servera:/replicate /mnt
> [root at servera ~]# ls -l /mnt
> ???? 9
> drwxrwsrwx. 2 smbuser smbuser 4096? 1 ??? 18,42 test
> -rw-r--r--. 1 smbuser smbuser??? 4? 1 ??? 18,49 test12
> -rw-r--r--. 1 smbuser smbuser??? 9? 1 ??? 18,51 test12345
> drwxr-sr-x. 2 smbuser smbuser 4096? 1 ??? 18,49 test35
> [root at servera ~]#
>
>
> I'm pretty sure I'm missing something , but I have no idea what it
is. Any ideas why the share is viewable as "root" will be highly
appreciated.
>
>
> Thanks in advance.
>
> Best Regards,
> Strahil NIkolov
>
>

Hi Felix,

thanks for the share.
Sadly it doesn't work and I don't know how to start debugging this one.

I tried your config (had to switch from domain member to standalone) but
it's the same:

[global]
??????? netbios name = yourName
??????? workgroup = yourWorkgroup
??????? realm = YourRealm
??????? log file = /var/log/samba/log.%m
??????? max log size = 50
??????? security = ads

??????? clustering = yes

??? ??? max protocol = SMB3
? ? ?? ? kernel share modes = no
?? ? ? ? kernel change notify = no

??????? kernel oplocks = no
??????? posix locking = no

??????? map archive = no
??????? map hidden = no
??????? map read only = no
??????? map system = no
??????? store dos attributes = yes


??????? idmap config * : backend = autorid
??????? idmap config * : range = 1000000-19999999
??????? idmap config * : rangesize = 1000000
??????? include = /etc/samba/ctdb.conf
??????? fruit:aapl = yes
??????? ea support = yes

??? # it turns out that using SMB1 via linux/rsync
??? # is leading to wrong permissions in our case
??? min protocol = SMB2

[gluster-replicated]
??? comment ??? vfs objects = fruit streams_xattr glusterfs
??? glusterfs:volume = yourGlusterVolume
??? glusterfs:logfile = /var/log/samba/yourLog.log
??? glusterfs:loglevel = 1
??? inherit acls = yes
??? path = /
??? read only = no
??? guest ok = no

Best Regards,
Strahil Nikolov




? ?????, 1 ??? 2020 ?., 19:33:12 ?. ???????+3, Felix K?lzow via samba <samba
at lists.samba.org> ??????:





Dear Strahil,

please find my current settings below:


[global]
??????? netbios name = yourName
??????? workgroup = yourWorkgroup
??????? realm = YourRealm
??????? log file = /var/log/samba/log.%m
??????? max log size = 50
??????? security = ads

??????? clustering = yes

??? ??? max protocol = SMB3
? ? ?? ? kernel share modes = no
?? ? ? ? kernel change notify = no

??????? kernel oplocks = no
??????? posix locking = no

??????? map archive = no
??????? map hidden = no
??????? map read only = no
??????? map system = no
??????? store dos attributes = yes


??????? idmap config * : backend = autorid
??????? idmap config * : range = 1000000-19999999
??????? idmap config * : rangesize = 1000000
??????? include = /etc/samba/ctdb.conf
??????? fruit:aapl = yes
??????? ea support = yes

??? # it turns out that using SMB1 via linux/rsync
??? # is leading to wrong permissions in our case
??? min protocol = SMB2

[gluster-replicated]
??? comment ??? vfs objects = fruit streams_xattr glusterfs
??? glusterfs:volume = yourGlusterVolume
??? glusterfs:logfile = /var/log/samba/yourLog.log
??? glusterfs:loglevel = 1
??? inherit acls = yes
??? path = /
??? read only = no
??? guest ok = no


Please let me know if this works for you.


Regards,

Felix

On 01/07/2020 18:08, Strahil Nikolov via samba wrote:
> Hello All,
>
> I'm new to the list and I don't have much of experience with samba.
>
> I have a test setup on CentOS 7.8 with samba-4.10.4 and samba-vfs-glusterfs
.
> When my client mounts the samba share via vers=1.0 , the user sees the
share properly (uid,gid,mode are just like on gluster). When the share is
mounted with vers=2.0 or not specified (anything higher) the files are owned by
root/root and can't be changed (even by root).
>
> Here is a short summary:
>
> Packages:
> samba-4.10.4-11.el7_8.x86_64
> samba-client-libs-4.10.4-11.el7_8.x86_64
> samba-common-4.10.4-11.el7_8.noarch
> samba-common-libs-4.10.4-11.el7_8.x86_64
> samba-common-tools-4.10.4-11.el7_8.x86_64
> samba-libs-4.10.4-11.el7_8.x86_64
> samba-vfs-glusterfs-4.10.4-11.el7_8.x86_64
>
>
> TESTPARM:
>
> # Global parameters
> [global]
>? ??????? printcap name = cups
>? ??????? security = USER
>? ??????? workgroup = SAMBA
>? ??????? idmap config * : backend = tdb
>? ??????? cups options = raw
>
>
> [homes]
>? ??????? browseable = No
>? ??????? comment = Home Directories
>? ??????? inherit acls = Yes
>? ??????? read only = No
>? ??????? valid users = %S %D%w%S
>
>
> [printers]
>? ??????? browseable = No
>? ??????? comment = All Printers
>? ??????? create mask = 0600
>? ??????? path = /var/tmp
>? ??????? printable = Yes
>
>
> [print$]
>? ??????? comment = Printer Drivers
>? ??????? create mask = 0664
>? ??????? directory mask = 0775
>? ??????? force group = @printadmin
>? ??????? path = /var/lib/samba/drivers
>? ??????? write list = @printadmin root
>
>
> [gluster-replicate]
>? ??????? comment = For samba share of volume replicate
>? ??????? guest ok = Yes
>? ??????? inherit acls = Yes
>? ??????? kernel share modes = No
>? ??????? path = /
>? ??????? read only = No
>? ??????? vfs objects = glusterfs
>? ??????? glusterfs:loglevel = 7
>? ??????? glusterfs:logfile = /var/log/samba/glusterfs-replicate.%M.log
>? ??????? glusterfs:volume = replicate
>
> Shares ownership:
> [root at servera ~]# mount -t cifs //servera/gluster-replicate /mnt -o
user=smbuser
> Password for smbuser@//servera/gluster-replicate:? ***
> [root at servera ~]# ls -l /mnt
> ???? 9
> drwxr-xr-x. 2 root root 0? 1 ??? 18,42 test
> -rwxr-xr-x. 1 root root 4? 1 ??? 18,49 test12
> -rwxr-xr-x. 1 root root 9? 1 ??? 18,51 test12345
> drwxr-xr-x. 2 root root 0? 1 ??? 18,49 test35
> [root at servera ~]# umount /mnt
> [root at servera ~]# mount -t cifs //servera/gluster-replicate /mnt -o
user=smbuser,vers=1.0
> Password for smbuser@//servera/gluster-replicate:? ***
> [root at servera ~]# ls -l /mnt
> ???? 9
> drwxrwsrwx. 2 smbuser smbuser 4096? 1 ??? 18,42 test
> -rw-r--r--. 1 smbuser smbuser??? 4? 1 ??? 18,49 test12
> -rw-r--r--. 1 smbuser smbuser??? 9? 1 ??? 18,51 test12345
> drwxr-sr-x. 2 smbuser smbuser 4096? 1 ??? 18,49 test35
> [root at servera ~]# umount /mnt
> [root at servera ~]# mount -t glusterfs -o acl servera:/replicate /mnt
> [root at servera ~]# ls -l /mnt
> ???? 9
> drwxrwsrwx. 2 smbuser smbuser 4096? 1 ??? 18,42 test
> -rw-r--r--. 1 smbuser smbuser??? 4? 1 ??? 18,49 test12
> -rw-r--r--. 1 smbuser smbuser??? 9? 1 ??? 18,51 test12345
> drwxr-sr-x. 2 smbuser smbuser 4096? 1 ??? 18,49 test35
> [root at servera ~]#
>
>
> I'm pretty sure I'm missing something , but I have no idea what it
is. Any ideas why the share is viewable as "root" will be highly
appreciated.
>
>
> Thanks in advance.
>
> Best Regards,
> Strahil NIkolov
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:? https://lists.samba.org/mailman/options/samba

On Wed, 2020-07-01 at 16:08 +0000, Strahil Nikolov via samba
wrote:
> Hello All,
> 
> I'm new to the list and I don't have much of experience with samba.
> 
> I have a test setup on CentOS 7.8 with samba-4.10.4 and samba-vfs-
> glusterfs .
> When my client mounts the samba share via vers=1.0 , the user sees
> the share properly (uid,gid,mode are just like on gluster). When the
> share is mounted with vers=2.0 or not specified (anything higher) the
> files are owned by root/root and can't be changed (even by root).
> 
> Here is a short summary:
> 
> Packages:
> samba-4.10.4-11.el7_8.x86_64
> samba-client-libs-4.10.4-11.el7_8.x86_64
> samba-common-4.10.4-11.el7_8.noarch
> samba-common-libs-4.10.4-11.el7_8.x86_64
> samba-common-tools-4.10.4-11.el7_8.x86_64
> samba-libs-4.10.4-11.el7_8.x86_64
> samba-vfs-glusterfs-4.10.4-11.el7_8.x86_64
> 
> 
> TESTPARM:
> 
> # Global parameters
> [global]
>         printcap name = cups
>         security = USER
>         workgroup = SAMBA
>         idmap config * : backend = tdb
>         cups options = raw
> 
> 
> [homes]
>         browseable = No
>         comment = Home Directories
>         inherit acls = Yes
>         read only = No
>         valid users = %S %D%w%S
> 
> 
> [printers]
>         browseable = No
>         comment = All Printers
>         create mask = 0600
>         path = /var/tmp
>         printable = Yes
> 
> 
> [print$]
>         comment = Printer Drivers
>         create mask = 0664
>         directory mask = 0775
>         force group = @printadmin
>         path = /var/lib/samba/drivers
>         write list = @printadmin root
> 
> 
> [gluster-replicate]
>         comment = For samba share of volume replicate
>         guest ok = Yes
>         inherit acls = Yes
>         kernel share modes = No
>         path = /
>         read only = No
>         vfs objects = glusterfs
>         glusterfs:loglevel = 7
>         glusterfs:logfile = /var/log/samba/glusterfs-replicate.%M.log
>         glusterfs:volume = replicate
> 
> Shares ownership:
> [root at servera ~]# mount -t cifs //servera/gluster-replicate /mnt -o
> user=smbuser
> Password for smbuser@//servera/gluster-replicate:  ***
> [root at servera ~]# ls -l /mnt
> ???? 9
> drwxr-xr-x. 2 root root 0  1 ??? 18,42 test
> -rwxr-xr-x. 1 root root 4  1 ??? 18,49 test12
> -rwxr-xr-x. 1 root root 9  1 ??? 18,51 test12345
> drwxr-xr-x. 2 root root 0  1 ??? 18,49 test35
> [root at servera ~]# umount /mnt
> [root at servera ~]# mount -t cifs //servera/gluster-replicate /mnt -o
> user=smbuser,vers=1.0
> Password for smbuser@//servera/gluster-replicate:  ***
> [root at servera ~]# ls -l /mnt
> ???? 9
> drwxrwsrwx. 2 smbuser smbuser 4096  1 ??? 18,42 test
> -rw-r--r--. 1 smbuser smbuser    4  1 ??? 18,49 test12
> -rw-r--r--. 1 smbuser smbuser    9  1 ??? 18,51 test12345
> drwxr-sr-x. 2 smbuser smbuser 4096  1 ??? 18,49 test35
> [root at servera ~]# umount /mnt
> [root at servera ~]# mount -t glusterfs -o acl servera:/replicate /mnt
> [root at servera ~]# ls -l /mnt
> ???? 9
> drwxrwsrwx. 2 smbuser smbuser 4096  1 ??? 18,42 test
> -rw-r--r--. 1 smbuser smbuser    4  1 ??? 18,49 test12
> -rw-r--r--. 1 smbuser smbuser    9  1 ??? 18,51 test12345
> drwxr-sr-x. 2 smbuser smbuser 4096  1 ??? 18,49 test35
> [root at servera ~]#
> 
> 
> I'm pretty sure I'm missing something , but I have no idea what it
> is. Any ideas why the share is viewable as "root" will be highly
> appreciated.
Just because Samba server doesn't have UNIX extensions support for
SMB2+ yet :-( This is currently in active development.

But you can find more details on file/directory owners and permissions
from mount.cifs(8)[1] manual page under the section "File And Directory
Ownership And Permissions".

[1] https://linux.die.net/man/8/mount.cifs
Note:- above link is quite old but should cover necessary points to be
remembered.


Thanks,
Anoop C S.