samba - Jan 2021 - Is it possible to 'getfacl' on a mounted samba share ?

On 24/01/2021 18:26, Nicola Mingotti wrote:
>
> Thank you for your feedback Rowland.
>
> I tried as you suggest, both parameters are now in? [global]? and I 
> removed them from [sambaDisk].
> Rebooted all machines a few times but unfortunately still it does not 
> want to work.

If you run:

ls -lad /mnt/sambaShared/sambaDisk/DiscoS/Borghi

and:

ls -lad /mnt/discoR/Borghi

Do you get a '+' sign after the Unix permissions ?

e.g. ls -lad /srv/www/htdocs/testshare

drwxrwx---+ 2 root domain users 4096 Oct 28? 2019 /srv/www/htdocs/testshare

 ?I am assuming 'Borghi' is a directory.

Are both the acl and attr packages installed ?

Rowland

Hi Rowland,

Still it is not working but I can give you some extra info.

. Installed packages
p at linte> dpkg -l | grep 'acl\|attr' | awk '{print $1,$2,"
",$3}'
ii acl????? 2.2.53-4
ii attr????? 1:2.4.48-4
ii fonts-quicksand????? 0.2016-2
ii libacl1:amd64????? 2.2.53-4
ii libattr1:amd64????? 1:2.4.48-4
ii python3-xattr????? 0.9.6-1
ii spice-client-glib-usb-acl-helper????? 0.35-2
ii xattr????? 0.9.6-1
=> This is a superset of what i see in machine 'nas' so i guess it 
should be fine.

. Do I see the '+' in 'ls' ? No
p at linte> ls -l /mnt/discoR/Borghi/ | head -n 3
total 1024
drwxr-xr-x 2 root root????? 0 Oct? 5 14:49 Applicativi
drwxr-xr-x 2 root root????? 0 Dec? 7 16:05 Archivio

. The same applies if I do it through a domain user:
WINDOM\nicola at linte> ls -l /mnt/discoR/Borghi/ | head -n 3
total 1024
drwxr-xr-x 2 root root????? 0 Oct? 5 14:49 Applicativi
drwxr-xr-x 2 root root????? 0 Dec? 7 16:05 Archivio

. But I see the '+' from the machine 'nas'
p at nas> ls -l /mnt/sambaShared/sambaDisk/DiscoS/Borghi/ | head -n 3
total 252
drwxrwx---+? 7 root adm??? 4096 Oct? 5 14:49 Applicativi
drwxrwx---+ 10 root adm??? 4096 Dec? 7 16:05 Archivio

. I can see the '+' in 'linte' if i define my self a permission
there
 ? also, in that case 'getfacl' works as expected.
p at linte> cd .
p at linte> touch test.txt
p at linte> sudo groupadd testgroup
p at linte> setfacl -m g:testgroup:000 test.txt
p at linte> ls -l | grep test.txt
-rw-r--r--+ 1 p p??? 0 Jan 25 09:44 test.txt
p at linte> getfacl test.txt
# file: test.txt
# owner: p
# group: p
user::rw-
group::r--
group:testgroup:---
mask::r--
other::r--

. I tried to toggle several parameters in /etc/fstab without success:
------- /etc/fstab --------------
# / was on /dev/vda1 during installation
UUID=5b450ed1-2951-4a2c-b444-22dc1509a275 / ext4??? 
user_xattr,acl,errors=remount-ro 0?????? 1
...
# mount disco R
//nas.borghi.lan/sambaDisk/DiscoS/??? /mnt/discoR?? cifs 
cifsacl,credentials=/usr/local/etc/discoR.credentials??? 0??? 0
---------------------------------

. For completeness i add the Samba configuration of 'linte' which
 ? is there just to let 'linte' join the Windows domain at the moment.
---------------- /etc/samba/smb.conf -----------------------------------
[global]
 ?? workgroup = WINDOM
 ?? security = ADS
 ?? realm = WINDOM.BORGHI.LAN

 ?? winbind refresh tickets = Yes
 ?? vfs objects = acl_xattr
 ?? map acl inherit = Yes
 ?? store dos attributes = Yes

 ?? dedicated keytab file = /etc/krb5.keytab
 ?? kerberos method = secrets and keytab

 ?? # ho un solo dominio, quindi mi conviene non dover digitare sempre
 ?? # user invece di "WINDOM\user"
 ?? # winbind use default domain = yes

 ?? # rimuovere dopo il testing
 ?? winbind enum users = yes
 ?? winbind enum groups = yes

 ?? # disable printing
 ?? load printers = no
 ?? printing = bsd
 ?? printcap name = /dev/null
 ?? disable spoolss = yes

 ?? # logs
 ?? log file = /var/log/samba/%m.log
 ?? log level = 1

 ?? # ---- ID mapping backend rid -------
 ?? # Default ID mapping configuration for local BUILTIN accounts
 ?? # and groups on a domain member. The default (*) domain:
 ?? # - must not overlap with any domain ID mapping configuration!
 ?? # - must use a read-write-enabled back end, such as tdb.
 ?? idmap config * : backend = tdb
 ?? idmap config * : range = 3000-7999
 ?? # - You must set a DOMAIN backend configuration
 ?? # idmap config for the SAMDOM domain
 ?? idmap config SAMDOM : backend = rid
 ?? idmap config SAMDOM : range = 10000-999999

 ?? # Template settings for login shell and home directory
 ?? template shell = /bin/bash
 ?? template homedir = /home/WINDOM-%U

 ?? # mappare "Administrator" a "root"
 ?? username map = /usr/local/samba/etc/user.map

# directory che funge da disco in condivisione
# ok- this is working !
# [sambaDisk]
#?????? path = /home/WINDOM-nicola/testSamba
#?????? read only = no
#?????? vfs objects = shadow_copy2
#?????? shadow:snapdir = /home/WINDOM-nicola/snapshots
#?????? shadow:basedir = /home/WINDOM-nicola/testSamba
#?????? shadow:sort = desc


# [sambaDisk]
#?????? path = /home/WINDOM-nicola/testSamba
#?????? read only = no
#?????? vfs objects = shadow_copy2
#?????? shadow:mountpoint = /home/WINDOM-nicola/testSamba
#?????? # richiesto relative se si usa 'snapdirseverywhere'
#?????? shadow:snapdir = snapshots
#?????? # shadow:snapdir = /home/WINDOM-nicola/testSamba/snapshots
#?????? # shadow:basedir = toSnap
#?????? shadow:sort = desc
#?????? # shadow:localtime = yes
#?????? # shadow:format = '%Y.%m.%d-%H.%M.%S'
#?????? shadow:snapdirseverywhere = yes

------------------------------------------------------------------------


Do you have any other ideas ?

Thank you for your help in any case !

bye
Nicola




On 1/24/21 7:47 PM, Rowland penny via samba wrote:
> On 24/01/2021 18:26, Nicola Mingotti wrote:
>>
>> Thank you for your feedback Rowland.
>>
>> I tried as you suggest, both parameters are now in? [global] and I 
>> removed them from [sambaDisk].
>> Rebooted all machines a few times but unfortunately still it does not 
>> want to work.
>
>
> If you run:
>
> ls -lad /mnt/sambaShared/sambaDisk/DiscoS/Borghi
>
> and:
>
> ls -lad /mnt/discoR/Borghi
>
> Do you get a '+' sign after the Unix permissions ?
>
> e.g. ls -lad /srv/www/htdocs/testshare
>
> drwxrwx---+ 2 root domain users 4096 Oct 28? 2019 
> /srv/www/htdocs/testshare
>
> ?I am assuming 'Borghi' is a directory.
>
> Are both the acl and attr packages installed ?
>
> Rowland
>
>
>
>
>

Hai Nico, 

what does this give you as result on that Nas.
tune2fs -l /dev/XXX1  | grep "Default mount options:" 
(change XXX to disk offcourse). 

Do you get this back? 
Default mount options:    user_xattr acl

if not, try tune2fs -o acl /dev/XXX1


Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Nicola Mingotti
> via samba
> Verzonden: maandag 25 januari 2021 10:01
> Aan: Rowland penny; sambalist
> Onderwerp: Re: [Samba] Is it possible to 'getfacl' on a mounted
samba
> share ?
> 
> 
> Hi Rowland,
> 
> Still it is not working but I can give you some extra info.
> 
> . Installed packages
> p at linte> dpkg -l | grep 'acl\|attr' | awk '{print
$1,$2," ",$3}'
> ii acl????? 2.2.53-4
> ii attr????? 1:2.4.48-4
> ii fonts-quicksand????? 0.2016-2
> ii libacl1:amd64????? 2.2.53-4
> ii libattr1:amd64????? 1:2.4.48-4
> ii python3-xattr????? 0.9.6-1
> ii spice-client-glib-usb-acl-helper????? 0.35-2
> ii xattr????? 0.9.6-1
> => This is a superset of what i see in machine 'nas' so i guess
it
> should be fine.
> 
> . Do I see the '+' in 'ls' ? No
> p at linte> ls -l /mnt/discoR/Borghi/ | head -n 3
> total 1024
> drwxr-xr-x 2 root root????? 0 Oct? 5 14:49 Applicativi
> drwxr-xr-x 2 root root????? 0 Dec? 7 16:05 Archivio
> 
> . The same applies if I do it through a domain user:
> WINDOM\nicola at linte> ls -l /mnt/discoR/Borghi/ | head -n 3
> total 1024
> drwxr-xr-x 2 root root????? 0 Oct? 5 14:49 Applicativi
> drwxr-xr-x 2 root root????? 0 Dec? 7 16:05 Archivio
> 
> . But I see the '+' from the machine 'nas'
> p at nas> ls -l /mnt/sambaShared/sambaDisk/DiscoS/Borghi/ | head -n 3
> total 252
> drwxrwx---+? 7 root adm??? 4096 Oct? 5 14:49 Applicativi
> drwxrwx---+ 10 root adm??? 4096 Dec? 7 16:05 Archivio
> 
> . I can see the '+' in 'linte' if i define my self a
permission there
>  ? also, in that case 'getfacl' works as expected.
> p at linte> cd .
> p at linte> touch test.txt
> p at linte> sudo groupadd testgroup
> p at linte> setfacl -m g:testgroup:000 test.txt
> p at linte> ls -l | grep test.txt
> -rw-r--r--+ 1 p p??? 0 Jan 25 09:44 test.txt
> p at linte> getfacl test.txt
> # file: test.txt
> # owner: p
> # group: p
> user::rw-
> group::r--
> group:testgroup:---
> mask::r--
> other::r--
> 
> . I tried to toggle several parameters in /etc/fstab without success:
> ------- /etc/fstab --------------
> # / was on /dev/vda1 during installation
> UUID=5b450ed1-2951-4a2c-b444-22dc1509a275 / ext4
> user_xattr,acl,errors=remount-ro 0?????? 1
> ...
> # mount disco R
> //nas.borghi.lan/sambaDisk/DiscoS/??? /mnt/discoR?? cifs
> cifsacl,credentials=/usr/local/etc/discoR.credentials??? 0??? 0
> ---------------------------------
> 
> . For completeness i add the Samba configuration of 'linte' which
>  ? is there just to let 'linte' join the Windows domain at the
moment.
> ---------------- /etc/samba/smb.conf -----------------------------------
> [global]
>  ?? workgroup = WINDOM
>  ?? security = ADS
>  ?? realm = WINDOM.BORGHI.LAN
> 
>  ?? winbind refresh tickets = Yes
>  ?? vfs objects = acl_xattr
>  ?? map acl inherit = Yes
>  ?? store dos attributes = Yes
> 
>  ?? dedicated keytab file = /etc/krb5.keytab
>  ?? kerberos method = secrets and keytab
> 
>  ?? # ho un solo dominio, quindi mi conviene non dover digitare sempre
>  ?? # user invece di "WINDOM\user"
>  ?? # winbind use default domain = yes
> 
>  ?? # rimuovere dopo il testing
>  ?? winbind enum users = yes
>  ?? winbind enum groups = yes
> 
>  ?? # disable printing
>  ?? load printers = no
>  ?? printing = bsd
>  ?? printcap name = /dev/null
>  ?? disable spoolss = yes
> 
>  ?? # logs
>  ?? log file = /var/log/samba/%m.log
>  ?? log level = 1
> 
>  ?? # ---- ID mapping backend rid -------
>  ?? # Default ID mapping configuration for local BUILTIN accounts
>  ?? # and groups on a domain member. The default (*) domain:
>  ?? # - must not overlap with any domain ID mapping configuration!
>  ?? # - must use a read-write-enabled back end, such as tdb.
>  ?? idmap config * : backend = tdb
>  ?? idmap config * : range = 3000-7999
>  ?? # - You must set a DOMAIN backend configuration
>  ?? # idmap config for the SAMDOM domain
>  ?? idmap config SAMDOM : backend = rid
>  ?? idmap config SAMDOM : range = 10000-999999
> 
>  ?? # Template settings for login shell and home directory
>  ?? template shell = /bin/bash
>  ?? template homedir = /home/WINDOM-%U
> 
>  ?? # mappare "Administrator" a "root"
>  ?? username map = /usr/local/samba/etc/user.map
> 
> # directory che funge da disco in condivisione
> # ok- this is working !
> # [sambaDisk]
> #?????? path = /home/WINDOM-nicola/testSamba
> #?????? read only = no
> #?????? vfs objects = shadow_copy2
> #?????? shadow:snapdir = /home/WINDOM-nicola/snapshots
> #?????? shadow:basedir = /home/WINDOM-nicola/testSamba
> #?????? shadow:sort = desc
> 
> 
> # [sambaDisk]
> #?????? path = /home/WINDOM-nicola/testSamba
> #?????? read only = no
> #?????? vfs objects = shadow_copy2
> #?????? shadow:mountpoint = /home/WINDOM-nicola/testSamba
> #?????? # richiesto relative se si usa 'snapdirseverywhere'
> #?????? shadow:snapdir = snapshots
> #?????? # shadow:snapdir = /home/WINDOM-nicola/testSamba/snapshots
> #?????? # shadow:basedir = toSnap
> #?????? shadow:sort = desc
> #?????? # shadow:localtime = yes
> #?????? # shadow:format = '%Y.%m.%d-%H.%M.%S'
> #?????? shadow:snapdirseverywhere = yes
> 
> ------------------------------------------------------------------------
> 
> 
> Do you have any other ideas ?
> 
> Thank you for your help in any case !
> 
> bye
> Nicola
> 
> 
> 
> 
> On 1/24/21 7:47 PM, Rowland penny via samba wrote:
> > On 24/01/2021 18:26, Nicola Mingotti wrote:
> >>
> >> Thank you for your feedback Rowland.
> >>
> >> I tried as you suggest, both parameters are now in? [global] and I
> >> removed them from [sambaDisk].
> >> Rebooted all machines a few times but unfortunately still it does
not
> >> want to work.
> >
> >
> > If you run:
> >
> > ls -lad /mnt/sambaShared/sambaDisk/DiscoS/Borghi
> >
> > and:
> >
> > ls -lad /mnt/discoR/Borghi
> >
> > Do you get a '+' sign after the Unix permissions ?
> >
> > e.g. ls -lad /srv/www/htdocs/testshare
> >
> > drwxrwx---+ 2 root domain users 4096 Oct 28? 2019
> > /srv/www/htdocs/testshare
> >
> > ?I am assuming 'Borghi' is a directory.
> >
> > Are both the acl and attr packages installed ?
> >
> > Rowland
> >
> >
> >
> >
> >
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba