maillists_samba at diversity.nl
2022-Apr-30 06:07 UTC
[Samba] samba share not allowing owner of folder
In the meantime I have added the vfs objects = acl_xattr to the global section
I changed the chmod to 770 recursively
I changed the owner (chown) to root:root recursively
I added the proxmox user to the acl using setfacl

I am still failing ;(

What am I missing?

# testparm -s
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed
Server role: ROLE_STANDALONE

# Global parameters
[global]
    log file = /var/log/samba/log.%m
    logging = file
    map to guest = Bad User
    max log size = 1000
    obey pam restrictions = Yes
    pam password change = Yes
    panic action = /usr/share/samba/panic-action %d
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    passwd program = /usr/bin/passwd %u
    server role = standalone server
    unix password sync = Yes
    idmap config * : backend = tdb
    vfs objects = acl_xattr

[proxmox-trx40]
    comment = Aiii
    inherit permissions = Yes
    path = /{redacted}/hypervisors/proxmox/trx40_1
    read only = No
    valid users = master proxmox

ls -l /{redacted}/
drwxrwx---+ 3 root root 3 Mar 24 18:04 hypervisors

getfacl hypervisors
# file: hypervisors
# owner: root
# group: root
user::rwx
user:master:rwx
user:proxmox:rwx
group::rwx
mask::rwx
other::---

smbclient "\\\\{redacted}\\proxmox-trx40" -U proxmox
Enter WORKGROUP\proxmox's password:
Try "help" to get a list of possible commands.
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*
smb: \>

On 11-04-2022 13:02, Rowland Penny via samba wrote:
> On Mon, 2022-04-11 at 12:30 +0200, maillists_samba--- via samba wrote:
>> How to allow the owner of a folder that is shared access to that
>> share?
>>
>> I have;
>>
>> Samba version 4.13.13-Debian
>>
>> # testparm -s
>> Load smb config files from /etc/samba/smb.conf
>> Loaded services file OK.
>> Weak crypto is allowed
>> Server role: ROLE_STANDALONE
>>
>> ----------
>> # Global parameters
>> [global]
>>     log file = /var/log/samba/log.%m
>>     logging = file
>>     map to guest = Bad User
>>     max log size = 1000
>>     obey pam restrictions = Yes
>>     pam password change = Yes
>>     panic action = /usr/share/samba/panic-action %d
>>     passwd chat = *Enter\snew\s*\spassword:* %n\n
>>     *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>     passwd program = /usr/bin/passwd %u
>>     server role = standalone server
>>     unix password sync = Yes
>>     usershare allow guests = Yes
>>     idmap config * : backend = tdb
>>
>> [proxmox-trx40]
>>     comment = Aiii
>>     inherit permissions = Yes
>>     path = /{redacted}/hypervisors/proxmox/trx40_1
>>     read only = No
>>     valid users = proxmox
>>
>> ----------
>>
>> ls -l /{redacted}/
>>
>> drwxrwx---+ 3 proxmox proxmox 3 Mar 24 18:04 hypervisors
>
> On the face of it, only 'proxmox' and members of the 'proxmox' group
> can enter the hypervisors directory, but notice the '+' on the end of
> the permissions, this means that you have extended ACLs set. However
> you are missing a parameter in the smb.conf global section.
>
> Add 'vfs objects = acl_xattr' to smb.conf, restart Samba and then read
> up on 'setfacl' and 'getfacl'.
>
> Rowland
maillists_samba at diversity.nl
2022-Apr-30 11:04 UTC
[Samba] samba share not allowing owner of folder
A possibly important detail I forgot to mention is that the filesystem is ZFS. Does that matter?

Just to be complete in info I'll include extra info on how the filesystem is set

* acltype=posixacl
* aclmode=discard
* aclinherit=discard

-------- Original Message --------
Subject: Re: [Samba] samba share not allowing owner of folder
Date: 30-04-2022 08:07
From: maillists_samba at diversity.nl
To: samba at lists.samba.org

In the meantime I have added the vfs objects = acl_xattr to the global section
I changed the chmod to 770 recursively
I changed the owner (chown) to root:root recursively
I added the proxmox user to the acl using setfacl

I am still failing ;(

What am I missing?

# testparm -s
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed
Server role: ROLE_STANDALONE

# Global parameters
[global]
    log file = /var/log/samba/log.%m
    logging = file
    map to guest = Bad User
    max log size = 1000
    obey pam restrictions = Yes
    pam password change = Yes
    panic action = /usr/share/samba/panic-action %d
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    passwd program = /usr/bin/passwd %u
    server role = standalone server
    unix password sync = Yes
    idmap config * : backend = tdb
    vfs objects = acl_xattr

[proxmox-trx40]
    comment = Aiii
    inherit permissions = Yes
    path = /{redacted}/hypervisors/proxmox/trx40_1
    read only = No
    valid users = master proxmox

ls -l /{redacted}/
drwxrwx---+ 3 root root 3 Mar 24 18:04 hypervisors

getfacl hypervisors
# file: hypervisors
# owner: root
# group: root
user::rwx
user:master:rwx
user:proxmox:rwx
group::rwx
mask::rwx
other::---

smbclient "\\\\{redacted}\\proxmox-trx40" -U proxmox
Enter WORKGROUP\proxmox's password:
Try "help" to get a list of possible commands.
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*
smb: \>

On 11-04-2022 13:02, Rowland Penny via samba wrote:
> On Mon, 2022-04-11 at 12:30 +0200, maillists_samba--- via samba wrote:
>> How to allow the owner of a folder that is shared access to that
>> share?
>>
>> I have;
>>
>> Samba version 4.13.13-Debian
>>
>> # testparm -s
>> Load smb config files from /etc/samba/smb.conf
>> Loaded services file OK.
>> Weak crypto is allowed
>> Server role: ROLE_STANDALONE
>>
>> ----------
>> # Global parameters
>> [global]
>>     log file = /var/log/samba/log.%m
>>     logging = file
>>     map to guest = Bad User
>>     max log size = 1000
>>     obey pam restrictions = Yes
>>     pam password change = Yes
>>     panic action = /usr/share/samba/panic-action %d
>>     passwd chat = *Enter\snew\s*\spassword:* %n\n
>>     *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>     passwd program = /usr/bin/passwd %u
>>     server role = standalone server
>>     unix password sync = Yes
>>     usershare allow guests = Yes
>>     idmap config * : backend = tdb
>>
>> [proxmox-trx40]
>>     comment = Aiii
>>     inherit permissions = Yes
>>     path = /{redacted}/hypervisors/proxmox/trx40_1
>>     read only = No
>>     valid users = proxmox
>>
>> ----------
>>
>> ls -l /{redacted}/
>>
>> drwxrwx---+ 3 proxmox proxmox 3 Mar 24 18:04 hypervisors
>
> On the face of it, only 'proxmox' and members of the 'proxmox' group
> can enter the hypervisors directory, but notice the '+' on the end of
> the permissions, this means that you have extended ACLs set. However
> you are missing a parameter in the smb.conf global section.
>
> Add 'vfs objects = acl_xattr' to smb.conf, restart Samba and then read
> up on 'setfacl' and 'getfacl'.
>
> Rowland
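
An added example, not part of the thread and not Samba's own code: the getfacl output posted above, evaluated in the acl(5) access-check order (owner, named user, groups, other, with named-user and group entries limited by the mask). The function names and the group lists passed in are assumptions for illustration; the thread shows the ACL for `hypervisors` only, while the share path lies two directories below it.

```python
# Added example (not from the thread): acl(5) access check over getfacl text.
# SAMPLE_ACL is the output posted in the thread; names and group lists are assumptions.
SAMPLE_ACL = """\
# file: hypervisors
# owner: root
# group: root
user::rwx
user:master:rwx
user:proxmox:rwx
group::rwx
mask::rwx
other::---
"""

def parse_getfacl(text):
    """Return (owner, owning_group, [(tag, qualifier, perms_set), ...])."""
    owner = group = None
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            tag, qual, perms = line.split(":")[:3]
            entries.append((tag, qual, set(perms[:3]) - {"-"}))
    return owner, group, entries

def acl_allows(text, user, groups, wanted):
    """Return (granted, deciding_entry) for the permission letters in wanted."""
    owner, owning_group, entries = parse_getfacl(text)
    wanted = set(wanted)
    find = lambda tag, qual: next((p for t, q, p in entries if t == tag and q == qual), None)
    mask = find("mask", "")
    masked = lambda p: p if mask is None else p & mask
    if user == owner:                      # owner entry is not limited by the mask
        return wanted <= (find("user", "") or set()), "user::"
    named = find("user", user)
    if named is not None:                  # named user entry, limited by the mask
        return wanted <= masked(named), f"user:{user}"
    in_group = False
    for t, q, p in entries:
        if t == "group" and (q in groups or (q == "" and owning_group in groups)):
            in_group = True
            if wanted <= masked(p):
                return True, f"group:{q}"
    if in_group:                           # a group matched but none grants it
        return False, "group"
    return wanted <= (find("other", "") or set()), "other::"
```

Feeding the `getfacl` output of each directory in the share path to `acl_allows` with `wanted="x"` shows which component, if any, denies traversal to the connecting user.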