On 10/06/2019 06:16, Tom?? Havl?n via samba wrote:> Good morning, > I have tried upgrade SAMBA to version 4.10.4 and my error still > exists. New created file has mask limited perrmisions if VFS:recycle > module is activated for share. If module is off, rights for new files > works corectly. I have it on 3 servers with Samba 4.10 and 4.9, one > server withj 4.8 works properly.There were changes made to the VFS ABI with the release of Samba 4.9.0, perhaps it is these that are causing your problem ? It might help if you post your smb.conf. Rowland
Hello
my smb.conf + working and no working ACL share folders
[global]
netbios name = FENIX
realm = PFCZ.INTRA
server role = active directory domain controller
workgroup = PFCZ
idmap_ldb:use rfc2307 = yes
dns forwarder = 10.254.254.1
unix extensions = no
wide links = yes
follow symlinks = yes
bind interfaces only = yes
interfaces = lo eno1
max log size = 150000
[netlogon]
path = /var/lib/samba/sysvol/pfcz.intra/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[share] - working VFS:recycle, original share
path = /mnt/data1/share
read only = no
[XXX] - no working VFS:recycle, testing share
path = /mnt/data1/XXX
read only = no
vfs object = recycle
recycle:repository = .deleted
recycle:keeptree = yes
recycle:touch = yes
recycle:version = yes
recycle:maxsize = 0
recycle:exclude = *.tmp
recycle:exclude_dir = /tmp
best regards
bB
------ P?vodn? zpr?va ------
Od: "Rowland penny via samba" <samba at lists.samba.org>
Komu: samba at lists.samba.org
Odesl?no: 10.06.2019 9:22:45
P?edm?t: Re: [Samba] SAMBA AD VFS:Recycle bad permissions
>On 10/06/2019 06:16, Tom?? Havl?n via samba wrote:
>>Good morning,
>>I have tried upgrade SAMBA to version 4.10.4 and my error still exists.
New created file has mask limited perrmisions if VFS:recycle module is activated
for share. If module is off, rights for new files works corectly. I have it on 3
servers with Samba 4.10 and 4.9, one server withj 4.8 works properly.
>
>There were changes made to the VFS ABI with the release of Samba 4.9.0,
perhaps it is these that are causing your problem ?
>
>It might help if you post your smb.conf.
>
>Rowland
>
>
>
>
>-- To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
On 10/06/2019 08:51, Tom?? Havl?n wrote:> Hello > my smb.conf + working and no working ACL share folders > > [global] > netbios name = FENIX > realm = PFCZ.INTRA > server role = active directory domain controller > workgroup = PFCZ > idmap_ldb:use rfc2307 = yes > dns forwarder = 10.254.254.1 > > unix extensions = no > wide links = yes > follow symlinks = yes > bind interfaces only = yes > interfaces = lo eno1 > max log size = 150000 > > [netlogon] > path = /var/lib/samba/sysvol/pfcz.intra/scripts > read only = No > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > [share] - working VFS:recycle, original share > ? ? path = /mnt/data1/share > ? ? read only = no > > [XXX] - no working?VFS:recycle, testing share > ? ? path = /mnt/data1/XXX > ? ? read only = no > ? ? vfs object = recycle > ? ? recycle:repository = .deleted > ? ? recycle:keeptree = yes > ? ? recycle:touch = yes > ? ? recycle:version = yes > ? ? recycle:maxsize = 0 > ? ? recycle:exclude = *.tmp > ? ? recycle:exclude_dir = /tmp > >It looks to me that the VFS changes have caused this. You are using a DC as a fileserver, this isn't recommended for? a start. On a DC , 'vfs objects = acl_xattr' is set by default, this means that 'inherit acls = yes' is set and you do not have a 'recycle:directory_mode' line, so you will be using the default '0700'. Put this all together and what you are getting is correct, don't ask me why it worked before, but not now. It looks like it was actually wrong before but correct now ;-) Rowland