samba - Nov 2021 - Read Only files, Extended Attributes and Microsoft Office Documents

Hello Samba gurus,

Hope you can help.

A server that has been fine for years, is now causing a small problem.

Staff cannot open a Microsoft Word or Excel file to re-edit it if someone else
has created it.

This WAS possible and was working fine before a recent Ubuntu server update.

The error shown in Word or Excel is 'file compatibility mode - opening as
read only'.

To debug this, they created a test folder and saved both a simple text file and
a Word document in the folder.

If they go to another computer and edit the text file it works with no problem.

If they go to another computer and edit the Word document, it does not work as
before.

Here is the output of 'testparm -s' from Samba version 4.3.11-Ubuntu ...


[global]
	workgroup = SANITISED
	server string = %h server (Samba, Ubuntu)
	server role = standalone server
	map to guest = Bad User
	obey pam restrictions = Yes
	passdb backend = smbpasswd
	pam password change = Yes
	passwd program = /usr/bin/passwd %u
	username map = /etc/samba/username_map.txt
	unix password sync = Yes
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000
	load printers = No
	domain master = No
	dns proxy = No
	usershare allow guests = Yes
	panic action = /usr/share/samba/panic-action %d
	idmap config * : backend = tdb
	printing = bsd

[homes]
	comment = Home Directories
	read only = No
	browseable = No

[shared]
	comment = Shared file space
	path = /home/samba/shared
	force group = users
	group = users
	read only = No
	create mode = 0664
	force create mode = 0664
	directory mode = 0775
	force directory mode = 0775
	inherit permissions = Yes
	guest ok = Yes


Here is the directory listing as seen from the Linux shell ...

drwxrwxr-x   2  jbloggs   users 4.0K 2021-11-10 17:41 Penguin    <-- folder
permissions

-rwxrwxr--+  1  jsmith    users  22K 2021-11-10 17:40 Hello hello hello.doc
-rw-rw-r--   1  jbloggs   users   29 2021-11-10 17:39 Test 2.txt


I spotted a + symbol at the end of the Word document and some other files on the
server.

Desktops are all on Windows 10 Professional and fully patched.

Is there a connection between the extended attributes and the Microsoft
document?

Is there a setting in Microsoft Office I need to change?

Is there a setting on the Samba server I need to change?

As always, thanks for your help in advance.

Regards,

Paully

On Thu, 2021-11-11 at 12:24 +0000, Paul Littlefield via samba
wrote:
> Hello Samba gurus,
> 
> Hope you can help.
> 
> A server that has been fine for years, is now causing a small
> problem.
> 
> Staff cannot open a Microsoft Word or Excel file to re-edit it if
> someone else has created it.
> 
> This WAS possible and was working fine before a recent Ubuntu server
> update.
> 
> The error shown in Word or Excel is 'file compatibility mode -
> opening as read only'.
> 
> To debug this, they created a test folder and saved both a simple
> text file and a Word document in the folder.
> 
> If they go to another computer and edit the text file it works with
> no problem.
> 
> If they go to another computer and edit the Word document, it does
> not work as before.
> 
> Here is the output of 'testparm -s' from Samba version
4.3.11-Ubuntu
Samba 4.3.11 is dead as far as Samba is concerned, I suggest you
upgrade, if you do have a problem, you have no chance of getting it
fixed in that version and it may have been fixed in a later version.
 
> ...
> 
> 
> [global]
> 	workgroup = SANITISED
> 	server string = %h server (Samba, Ubuntu)
> 	server role = standalone server
> 	map to guest = Bad User
> 	obey pam restrictions = Yes
> 	passdb backend = smbpasswd
> 	pam password change = Yes
> 	passwd program = /usr/bin/passwd %u
> 	username map = /etc/samba/username_map.txt
> 	unix password sync = Yes
> 	syslog = 0
> 	log file = /var/log/samba/log.%m
> 	max log size = 1000
> 	load printers = No
> 	domain master = No
> 	dns proxy = No
> 	usershare allow guests = Yes
> 	panic action = /usr/share/samba/panic-action %d
> 	idmap config * : backend = tdb
> 	printing = bsd
> 
> [homes]
> 	comment = Home Directories
> 	read only = No
> 	browseable = No
> 
> [shared]
> 	comment = Shared file space
> 	path = /home/samba/shared
> 	force group = users
> 	group = users
> 	read only = No
> 	create mode = 0664
> 	force create mode = 0664
> 	directory mode = 0775
> 	force directory mode = 0775
> 	inherit permissions = Yes
> 	guest ok = Yes
> 
> 
> Here is the directory listing as seen from the Linux shell ...
> 
> drwxrwxr-x   2  jbloggs   users 4.0K 2021-11-10 17:41 Penguin    <--
> folder permissions
> 
> -rwxrwxr--+  1  jsmith    users  22K 2021-11-10 17:40 Hello hello
> hello.doc
> -rw-rw-r--   1  jbloggs   users   29 2021-11-10 17:39 Test 2.txt
> 
> 
> I spotted a + symbol at the end of the Word document and some other
> files on the server.
That '+' shows that extended ACL's exist, you can see these with
'getfacl'
> 
> Desktops are all on Windows 10 Professional and fully patched.
Are they members of a domain ? If so, why are you running Samba as a
standalone server ?

Rowland

These. 
> [shared]
> 	comment = Shared file space
> 	path = /home/samba/shared
> 	force group = users
> 	group = users
> 	read only = No
> 	create mode = 0664
> 	force create mode = 0664
> 	directory mode = 0775
> 	force directory mode = 0775
> 	inherit permissions = Yes
> 	guest ok = Yes
Read : 
https://chmodcommand.com/chmod-2775/ 
And change the directory mode. 

This .. 
> A server that has been fine for years, is now causing a small problem.
No, the server is not changed, the clients did. 
The longer you wait with updating the server, the harder it will get to keep
everything running. 
> This WAS possible and was working fine before a recent Ubuntu server
update.
+ and windows updates


This part. 
> That '+' shows that extended ACL's exist, you can see these
with 'getfacl'.
Thanks, here is the output of 'getfacl' on the test folder...

You say, the .txt and the .doc is saved from a windows pc. 
Thats true but also no true. 

After you opened and you save a .txt, its save and done. 
After you opened a word doc, its ~RanD0m.tmp , press save and ~RanD0m.tmp is
renamed to the .doc name.

As you see these 2 process are not simular. 
Oplocks can bug the .doc where .txt doesnt have that. (as far i know then). 

Now, why the .txt does not have a acl set and the .doc.. Saved from the same pc?
Thats one i dont know also. 

So, 2 solutions here. 

1) set 2775 on the folders and hope for the best in the future.
2) update the servers and for see a great future without/less hassel. 

And remember, less is better, less installed, less thing changed in smb.conf. 

I hope this helped a bit. 

Greetz, 

Louis