Nicola Mingotti
2021-Jan-25 09:49 UTC
[Samba] Is it possible to 'getfacl' on a mounted samba share ?
Hi Luois, Going toward the path you suggest I get: p at linte> mount | grep ' / ' /dev/vda1 on / type ext4 (rw,relatime,errors=remount-ro) p at linte> sudo tune2fs -l /dev/vda1? | grep -i defa Default mount options:??? user_xattr acl Default directory hash:?? half_md4 But, then I checked another thing: p at linte> uname -a Linux linte 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28) x86_64 GNU/Linux p at nas> uname -a Linux nas 4.19.0-12-amd64 #1 SMP Debian 4.19.152-1 (2020-10-18) x86_64 GNU/Linux => Given that both systems are Debian stable, it might be that kernel 4.19.0-13 has something broken regarding CIFS. I am going to try to change the kernel version and see what happens. bye Nicola On 1/25/21 10:31 AM, L.P.H. van Belle via samba wrote:> Hai Nico, > > what does this give you as result on that Nas. > tune2fs -l /dev/XXX1 | grep "Default mount options:" > (change XXX to disk offcourse). > > Do you get this back? > Default mount options: user_xattr acl > > if not, try tune2fs -o acl /dev/XXX1 > > > Greetz, > > Louis > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Nicola Mingotti >> via samba >> Verzonden: maandag 25 januari 2021 10:01 >> Aan: Rowland penny; sambalist >> Onderwerp: Re: [Samba] Is it possible to 'getfacl' on a mounted samba >> share ? >> >> >> Hi Rowland, >> >> Still it is not working but I can give you some extra info. >> >> . Installed packages >> p at linte> dpkg -l | grep 'acl\|attr' | awk '{print $1,$2," ",$3}' >> ii acl????? 2.2.53-4 >> ii attr????? 1:2.4.48-4 >> ii fonts-quicksand????? 0.2016-2 >> ii libacl1:amd64????? 2.2.53-4 >> ii libattr1:amd64????? 1:2.4.48-4 >> ii python3-xattr????? 0.9.6-1 >> ii spice-client-glib-usb-acl-helper????? 0.35-2 >> ii xattr????? 0.9.6-1 >> => This is a superset of what i see in machine 'nas' so i guess it >> should be fine. >> >> . Do I see the '+' in 'ls' ? No >> p at linte> ls -l /mnt/discoR/Borghi/ | head -n 3 >> total 1024 >> drwxr-xr-x 2 root root????? 0 Oct? 5 14:49 Applicativi >> drwxr-xr-x 2 root root????? 0 Dec? 7 16:05 Archivio >> >> . The same applies if I do it through a domain user: >> WINDOM\nicola at linte> ls -l /mnt/discoR/Borghi/ | head -n 3 >> total 1024 >> drwxr-xr-x 2 root root????? 0 Oct? 5 14:49 Applicativi >> drwxr-xr-x 2 root root????? 0 Dec? 7 16:05 Archivio >> >> . But I see the '+' from the machine 'nas' >> p at nas> ls -l /mnt/sambaShared/sambaDisk/DiscoS/Borghi/ | head -n 3 >> total 252 >> drwxrwx---+? 7 root adm??? 4096 Oct? 5 14:49 Applicativi >> drwxrwx---+ 10 root adm??? 4096 Dec? 7 16:05 Archivio >> >> . I can see the '+' in 'linte' if i define my self a permission there >> ? also, in that case 'getfacl' works as expected. >> p at linte> cd . >> p at linte> touch test.txt >> p at linte> sudo groupadd testgroup >> p at linte> setfacl -m g:testgroup:000 test.txt >> p at linte> ls -l | grep test.txt >> -rw-r--r--+ 1 p p??? 0 Jan 25 09:44 test.txt >> p at linte> getfacl test.txt >> # file: test.txt >> # owner: p >> # group: p >> user::rw- >> group::r-- >> group:testgroup:--- >> mask::r-- >> other::r-- >> >> . I tried to toggle several parameters in /etc/fstab without success: >> ------- /etc/fstab -------------- >> # / was on /dev/vda1 during installation >> UUID=5b450ed1-2951-4a2c-b444-22dc1509a275 / ext4 >> user_xattr,acl,errors=remount-ro 0?????? 1 >> ... >> # mount disco R >> //nas.borghi.lan/sambaDisk/DiscoS/??? /mnt/discoR?? cifs >> cifsacl,credentials=/usr/local/etc/discoR.credentials??? 0??? 0 >> --------------------------------- >> >> . For completeness i add the Samba configuration of 'linte' which >> ? is there just to let 'linte' join the Windows domain at the moment. >> ---------------- /etc/samba/smb.conf ----------------------------------- >> [global] >> ?? workgroup = WINDOM >> ?? security = ADS >> ?? realm = WINDOM.BORGHI.LAN >> >> ?? winbind refresh tickets = Yes >> ?? vfs objects = acl_xattr >> ?? map acl inherit = Yes >> ?? store dos attributes = Yes >> >> ?? dedicated keytab file = /etc/krb5.keytab >> ?? kerberos method = secrets and keytab >> >> ?? # ho un solo dominio, quindi mi conviene non dover digitare sempre >> ?? # user invece di "WINDOM\user" >> ?? # winbind use default domain = yes >> >> ?? # rimuovere dopo il testing >> ?? winbind enum users = yes >> ?? winbind enum groups = yes >> >> ?? # disable printing >> ?? load printers = no >> ?? printing = bsd >> ?? printcap name = /dev/null >> ?? disable spoolss = yes >> >> ?? # logs >> ?? log file = /var/log/samba/%m.log >> ?? log level = 1 >> >> ?? # ---- ID mapping backend rid ------- >> ?? # Default ID mapping configuration for local BUILTIN accounts >> ?? # and groups on a domain member. The default (*) domain: >> ?? # - must not overlap with any domain ID mapping configuration! >> ?? # - must use a read-write-enabled back end, such as tdb. >> ?? idmap config * : backend = tdb >> ?? idmap config * : range = 3000-7999 >> ?? # - You must set a DOMAIN backend configuration >> ?? # idmap config for the SAMDOM domain >> ?? idmap config SAMDOM : backend = rid >> ?? idmap config SAMDOM : range = 10000-999999 >> >> ?? # Template settings for login shell and home directory >> ?? template shell = /bin/bash >> ?? template homedir = /home/WINDOM-%U >> >> ?? # mappare "Administrator" a "root" >> ?? username map = /usr/local/samba/etc/user.map >> >> # directory che funge da disco in condivisione >> # ok- this is working ! >> # [sambaDisk] >> #?????? path = /home/WINDOM-nicola/testSamba >> #?????? read only = no >> #?????? vfs objects = shadow_copy2 >> #?????? shadow:snapdir = /home/WINDOM-nicola/snapshots >> #?????? shadow:basedir = /home/WINDOM-nicola/testSamba >> #?????? shadow:sort = desc >> >> >> # [sambaDisk] >> #?????? path = /home/WINDOM-nicola/testSamba >> #?????? read only = no >> #?????? vfs objects = shadow_copy2 >> #?????? shadow:mountpoint = /home/WINDOM-nicola/testSamba >> #?????? # richiesto relative se si usa 'snapdirseverywhere' >> #?????? shadow:snapdir = snapshots >> #?????? # shadow:snapdir = /home/WINDOM-nicola/testSamba/snapshots >> #?????? # shadow:basedir = toSnap >> #?????? shadow:sort = desc >> #?????? # shadow:localtime = yes >> #?????? # shadow:format = '%Y.%m.%d-%H.%M.%S' >> #?????? shadow:snapdirseverywhere = yes >> >> ------------------------------------------------------------------------ >> >> >> Do you have any other ideas ? >> >> Thank you for your help in any case ! >> >> bye >> Nicola >> >> >> >> >> On 1/24/21 7:47 PM, Rowland penny via samba wrote: >>> On 24/01/2021 18:26, Nicola Mingotti wrote: >>>> Thank you for your feedback Rowland. >>>> >>>> I tried as you suggest, both parameters are now in? [global] and I >>>> removed them from [sambaDisk]. >>>> Rebooted all machines a few times but unfortunately still it does not >>>> want to work. >>> >>> If you run: >>> >>> ls -lad /mnt/sambaShared/sambaDisk/DiscoS/Borghi >>> >>> and: >>> >>> ls -lad /mnt/discoR/Borghi >>> >>> Do you get a '+' sign after the Unix permissions ? >>> >>> e.g. ls -lad /srv/www/htdocs/testshare >>> >>> drwxrwx---+ 2 root domain users 4096 Oct 28? 2019 >>> /srv/www/htdocs/testshare >>> >>> ?I am assuming 'Borghi' is a directory. >>> >>> Are both the acl and attr packages installed ? >>> >>> Rowland >>> >>> >>> >>> >>> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba > >
Rowland penny
2021-Jan-25 10:00 UTC
[Samba] Is it possible to 'getfacl' on a mounted samba share ?
On 25/01/2021 09:49, Nicola Mingotti via samba wrote:> > Hi Luois, > > Going toward the path you suggest I get: > > p at linte> mount | grep ' / ' > /dev/vda1 on / type ext4 (rw,relatime,errors=remount-ro) > > p at linte> sudo tune2fs -l /dev/vda1? | grep -i defa > Default mount options:??? user_xattr acl > Default directory hash:?? half_md4 > > But, then I checked another thing: > > p at linte> uname -a > Linux linte 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28) > x86_64 GNU/Linux > > p at nas> uname -a > Linux nas 4.19.0-12-amd64 #1 SMP Debian 4.19.152-1 (2020-10-18) x86_64 > GNU/Linux > > => Given that both systems are Debian stable, it might be that kernel > 4.19.0-13 > has something broken regarding CIFS. > > I am going to try to change the kernel version and see what happens. >That should be easy, just run: apt update && apt upgrade I think we need more info here, can you download this script: https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh Run it on the computer, sanitise the output if required and post the output here, do not attach it to a post, this list strips attachments. Rowland