CJ Keist
2010-Oct-01 14:15 UTC
[Samba] File permissions getting destroyed with M$ software on ZFS
All,

Running Samba 3.5.4 on Solaris 10 with ZFS file system. I have issues where we have shared group folders. In these folders a userA in GroupA creates a file just fine with the correct inherited permissions 660. Problem is when userB in GroupA reads and modifies that file, with M$ office apps, the permissions get whacked to 060+ and the file becomes read only by everyone.

I did google this and found exactly someone else with the same problem with a fix! But the fix is not working for me, so looking for some more help and insight into this problem.

The following are the two URLs I found which looked like a fix to my problem:

http://lists.samba.org/archive/samba/2008-November/145094.html
https://bugzilla.samba.org/show_bug.cgi?id=6050

I have implemented those settings, but I still see the problem of the file permissions getting whacked.

Here is my conf file:

    [global]
        workgroup = ENGR_DOM
        server string = Samba Server
        interfaces = e1000g0, lo0
        bind interfaces only = Yes
        security = DOMAIN
        passdb backend = smbpasswd
        client NTLMv2 auth = Yes
        map untrusted to domain = Yes
        log level = 1
        log file = /var/log/samba/logs/log.%m
        name resolve order = host bcast
        unix extensions = No
        max open files = 10000
        load printers = No
        domain master = No
        dns proxy = No
        lock spin time = 3
        veto oplock files = /*.doc/*.DOC/*.docx/*.DOCX/*.xlsx/*.XLSX/*.xls/*.XLS/*.ppt/*.PPT/*.pst/*.PST/*.mdb/*.MDB/*.ldb/*.LDB/*.vsd/*.VSD/*.dwg/*.DWG/*.cdr/*.CDR/
        strict locking = No

    [homes]
        comment = Home Directories
        read only = No
        create mask = 0640
        directory mask = 0751
        force directory mode = 0751
        directory security mask = 0750
        inherit permissions = Yes
        inherit owner = Yes
        browseable = No
        level2 oplocks = No
        vfs objects = zfsacl
        nfs4:acedup = merge
        nfs4:mode = special

    [ens]
        comment = ENS Groups
        path = /XKA2/admin/ENS
        valid users = +admin
        force group = admin
        read only = No
        create mask = 0770
        directory mask = 02770
        inherit permissions = Yes
        inherit acls = Yes
        map archive = No
        map readonly = permissions
        vfs objects = zfsacl
        nfs4:acedup = merge
        nfs4:mode = special

The issue is in the ENS share. I also have the ZFS file system aclmode and aclinherit set to passthrough, see output of zfs get all:

    kame % zfs get all fsdata/admin/ENS
    NAME              PROPERTY              VALUE                  SOURCE
    fsdata/admin/ENS  type                  filesystem             -
    fsdata/admin/ENS  creation              Mon Mar 15 14:47 2010  -
    fsdata/admin/ENS  used                  73.6G                  -
    fsdata/admin/ENS  available             9.35T                  -
    fsdata/admin/ENS  referenced            73.6G                  -
    fsdata/admin/ENS  compressratio         1.15x                  -
    fsdata/admin/ENS  mounted               yes                    -
    fsdata/admin/ENS  quota                 none                   default
    fsdata/admin/ENS  reservation           none                   default
    fsdata/admin/ENS  recordsize            64K                    inherited from fsdata/admin
    fsdata/admin/ENS  mountpoint            /XKA2/admin/ENS        inherited from fsdata
    fsdata/admin/ENS  sharenfs              rw,anon=0              inherited from fsdata/admin
    fsdata/admin/ENS  checksum              on                     default
    fsdata/admin/ENS  compression           on                     inherited from fsdata
    fsdata/admin/ENS  atime                 off                    inherited from fsdata
    fsdata/admin/ENS  devices               on                     default
    fsdata/admin/ENS  exec                  on                     default
    fsdata/admin/ENS  setuid                on                     default
    fsdata/admin/ENS  readonly              off                    default
    fsdata/admin/ENS  zoned                 off                    default
    fsdata/admin/ENS  snapdir               hidden                 default
    fsdata/admin/ENS  aclmode               passthrough            inherited from fsdata/admin
    fsdata/admin/ENS  aclinherit            passthrough            inherited from fsdata/admin
    fsdata/admin/ENS  canmount              on                     default
    fsdata/admin/ENS  shareiscsi            off                    default
    fsdata/admin/ENS  xattr                 on                     default
    fsdata/admin/ENS  copies                1                      default
    fsdata/admin/ENS  version               4                      -
    fsdata/admin/ENS  utf8only              off                    -
    fsdata/admin/ENS  normalization         none                   -
    fsdata/admin/ENS  casesensitivity       sensitive              -
    fsdata/admin/ENS  vscan                 off                    default
    fsdata/admin/ENS  nbmand                off                    default
    fsdata/admin/ENS  sharesmb              off                    default
    fsdata/admin/ENS  refquota              none                   default
    fsdata/admin/ENS  refreservation        none                   default
    fsdata/admin/ENS  primarycache          all                    default
    fsdata/admin/ENS  secondarycache        all                    default
    fsdata/admin/ENS  usedbysnapshots       0                      -
    fsdata/admin/ENS  usedbydataset         73.6G                  -
    fsdata/admin/ENS  usedbychildren        0                      -
    fsdata/admin/ENS  usedbyrefreservation  0                      -

Has there been any other development on this issue?

--
C. J. Keist                     Email: cj.keist at colostate.edu
Systems Group Manager           Phone: 970-491-0630
Engineering Network Services    Fax:   970-491-5569
College of Engineering, CSU
Ft. Collins, CO 80523-1301

All I want is a chance to prove 'Money can't buy happiness'
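One way to list files that show the symptom described in the message above (owner read/write gone while the group bits survive, as in 060), written as an added example that is not part of the original post. It inspects POSIX mode bits only, not the ZFS ACL behind the "+", and the file names in `demo()` are constructed.

```python
import os
import stat
import tempfile


def find_owner_stripped(root):
    """Return (path, octal mode) for regular files under root whose owner
    has neither read nor write while the group still has one of them."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the share
            if not stat.S_ISREG(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            owner_rw = mode & (stat.S_IRUSR | stat.S_IWUSR)
            group_rw = mode & (stat.S_IRGRP | stat.S_IWGRP)
            if owner_rw == 0 and group_rw != 0:
                hits.append((path, format(mode, "04o")))
    return hits


def demo():
    """Build a constructed tree with one healthy (0660) and one damaged
    (0060) file and return what the scan reports."""
    with tempfile.TemporaryDirectory() as root:
        good = os.path.join(root, "report.doc")  # constructed sample name
        bad = os.path.join(root, "budget.xls")   # constructed sample name
        for path in (good, bad):
            open(path, "w").close()
        os.chmod(good, 0o660)
        os.chmod(bad, 0o060)
        return [(os.path.basename(p), m) for p, m in find_owner_stripped(root)]


if __name__ == "__main__":
    for name, mode in demo():
        print(mode, name)
```

Pointing `find_owner_stripped()` at the share path gives the list of files to repair; changing smb.conf does not alter the modes of files that were already rewritten.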
CJ Keist
2010-Oct-01 19:57 UTC
[Samba] File permissions getting destroyed with M$ software on ZFS
Well, I think I got it fixed, but not sure if it is the correct way. This is what my share ens looks like now:

    [ens]
        comment = ENS Groups
        path = /XKA2/admin/ENS
        valid users = +admin
        force group = admin
        read only = No
        create mask = 0770
        force create mode = 0770
        security mask = 0770
        directory mask = 02770
        inherit permissions = Yes
        inherit acls = Yes
        nt acl support = No
        map archive = No
        map readonly = permissions
        store dos attributes = Yes
        vfs objects = zfsacl
        nfs4:acedup = merge
        nfs4:mode = special

I changed "nt acl support" to No.
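The two [ens] stanzas posted in this thread can be compared mechanically to see every parameter that differs between them. This is an added example, not part of either post; the stanza text is copied from the messages with the lines that are identical in both and unrelated to permissions left out, and the function names are this example's own.

```python
# Permission-related lines of the [ens] share as posted; lines identical in
# both posts (comment, path, valid users, force group, read only) are left out.
BEFORE = """\
[ens]
create mask = 0770
directory mask = 02770
inherit permissions = Yes
inherit acls = Yes
map archive = No
map readonly = permissions
vfs objects = zfsacl
nfs4:acedup = merge
nfs4:mode = special
"""
AFTER = """\
[ens]
create mask = 0770
force create mode = 0770
security mask = 0770
directory mask = 02770
inherit permissions = Yes
inherit acls = Yes
nt acl support = No
map archive = No
map readonly = permissions
store dos attributes = Yes
vfs objects = zfsacl
nfs4:acedup = merge
nfs4:mode = special
"""

def parse_share(text):
    """Map parameter name (lower-cased, spacing collapsed) to its value."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[":
            continue  # blank line, comment or section header
        key, _, value = line.partition("=")
        params[" ".join(key.lower().split())] = value.strip()
    return params

def diff_share(before, after):
    """Return (added, removed, changed) parameters between two stanzas."""
    old, new = parse_share(before), parse_share(after)
    added = {k: v for k, v in new.items() if k not in old}
    removed = {k: v for k, v in old.items() if k not in new}
    changed = {k: (old[k], new[k]) for k in old if k in new and old[k] != new[k]}
    return added, removed, changed
```

`diff_share(BEFORE, AFTER)` reports four added parameters and none removed or changed, so the working share differs from the failing one in more than the single "nt acl support" line named in the message.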