samba - Jan 2021 - Is it possible to 'getfacl' on a mounted samba share ?

On 24/01/2021 16:30, Nicola Mingotti via samba wrote:
> Hi,
>
> I have installed a Samba DC and a Samba based NAS to feed
> a mainly Windows computer network. It is all working very well.
>
> I am implementing the backup system right now and I found a problem 
> with permissions
> when working from Linux on the Samba shared directories.
>
> If i run "getfacl" and "setfacl"
> from the machine exporting the Samba disk it all works as expected. ok.
>
> I can see all files permission from Windows computers mounting the 
> Samba share. ok.
>
> But, If I try to run "getfacl" from a linux machine mounting the
> samba share I can't seen anything. Is it normal?

You have turned ACL's off on the 'sambaDisk' share by setting
'vfs
objects = acl_xattr' in global and then 'vfs objects = shadow_copy2'
in
the share, try setting 'vfs objects = shadow_copy2 acl_xattr' in global 
(where it will affect all shares) or in the share (where it will just 
affect the share).

Rowland

Thank you for your feedback Rowland.

I tried as you suggest, both parameters are now in? [global]? and I 
removed them from [sambaDisk].
Rebooted all machines a few times but unfortunately still it does not 
want to work.

=================================================== Machine
'nas.borghi.lan' the shared disk exporter?
========================================================. 'p' is a local
unix user in many of my systems
p at nas> getfacl /mnt/sambaShared/sambaDisk/DiscoS/Borghi/
user::rwx
group::r-x
group:WINDOM\\domain\040users:r-x
group:WINDOM\\domain\040admins:rwx
group:WINDOM\\g-leggitutto:r-x
group:WINDOM\\g-utentiufficio:r-x
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:WINDOM\\domain\040users:r-x
default:group:WINDOM\\domain\040admins:rwx
default:group:WINDOM\\g-leggitutto:r-x
default:group:WINDOM\\g-utentiufficio:r-x
default:mask::rwx
default:other::---

p at nas> sudo mount -v
/dev/vdb on /mnt/sambaShared type ext4 (rw,relatime,stripe=192)

================================================= machine
'linte.borghi.lan' a Linux joint to the Samba AD domain
===============================================. 'p' again is a local
user
p at linte> getfacl /mnt/discoR/Borghi/
# file: mnt/discoR/Borghi/
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

. I try with a Domain user 'WINDOM\nicola'
WINDOM\nicola at linte >? getfacl /mnt/discoR/Borghi/
SAME AS LATEST OUTPUT: NO INFO

p at linte> sudo mount -v
//nas.borghi.lan/sambaDisk/DiscoS/ on /mnt/discoR type cifs 
(rw,relatime,vers=default,cache=strict,username=nicola,domain=WINDOM,uid=0,noforceuid,gid=0,noforcegid,addr=172.16.3.38,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=1048576,wsize=1048576,echo_interval=60,actimeo=1)

====================================== machine linux not joined into the
domain?? ==========================================> same result obtained in
'linte'.


Any other ideas I may try ? :)

bye
Nicola






On 1/24/21 6:02 PM, Rowland penny via samba wrote:
> On 24/01/2021 16:30, Nicola Mingotti via samba wrote:
>> Hi,
>>
>> I have installed a Samba DC and a Samba based NAS to feed
>> a mainly Windows computer network. It is all working very well.
>>
>> I am implementing the backup system right now and I found a problem 
>> with permissions
>> when working from Linux on the Samba shared directories.
>>
>> If i run "getfacl" and "setfacl"
>> from the machine exporting the Samba disk it all works as expected. ok.
>>
>> I can see all files permission from Windows computers mounting the 
>> Samba share. ok.
>>
>> But, If I try to run "getfacl" from a linux machine mounting
the
>> samba share I can't seen anything. Is it normal?
>
>
> You have turned ACL's off on the 'sambaDisk' share by setting
'vfs
> objects = acl_xattr' in global and then 'vfs objects =
shadow_copy2'
> in the share, try setting 'vfs objects = shadow_copy2 acl_xattr' in
> global (where it will affect all shares) or in the share (where it 
> will just affect the share).
>
> Rowland
>
>
>
>