Hi all,

I've upgraded a Debian server that was still running 3.6.20 to the current Debian stable with samba 4.9.5. The smb.conf file hasn't been changed and has many weird entries, but the big problem is that ACLs behaviour completely changed.

Typically, when copying/moving files, they get entirely different rights than the source. On-disk ACLs haven't been changed, so I suppose that's the Samba default that have. I don't want to try randomly enabling / disabling posix acls / inherit acls settings...

Here's the smb.conf:

[global]
block size = 4096
directory mask = 0775
disable spoolss = yes
dns proxy = no
domain master = no
encrypt passwords = true
guest account = nobody
idmap gid = 10000-20000
idmap uid = 10000-20000
invalid users = root
load printers = no
local master = no
max log size = 1000
name resolve order = wins lmhosts host bcast
nt acl support = yes
obey pam restrictions = yes
os level = 20
panic action = /usr/share/samba/panic-action %d
passdb backend = tdbsam
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
passwd program = /usr/bin/passwd %u
preferred master = no
preserve case = yes
printcap name = /dev/null
printing = bsd
security = user
server string = %h server (Samba %v)
short preserve case = yes
syslog = 0;
syslog only = no
template shell = /bin/false
unix password sync = yes
winbind cache time = 10
winbind enum groups = yes
winbind enum users = yes
winbind separator = +
wins server = 127.0.0.1
wins support = no
workgroup = WORKGROUP
usershare max shares = 0

[Masters]
writeable = yes
path = /mnt/raid/Masters

(there are other shares, but exact same settings).

The directory mask setting has been added to try to change the behaviour, to no avail.

Cheers,
--
------------------------------------------------------------------------
Emmanuel Florac | Direction technique
                | Intellique
                | <eflorac at intellique.com>
                | +33 1 78 94 84 02
------------------------------------------------------------------------

On 26/02/2021 14:27, Emmanuel Florac via samba wrote:
> Hi all,
>
> I've upgraded a Debian server that was still running 3.6.20 to the
> current Debian stable with samba 4.9.5. The smb.conf file hasn't been
> changed and has many weird entries, but the big problem is that ACLs
> behaviour completely changed.
>
> Typically, when copying/moving files, they get entirely different
> rights than the source. On-disk ACLs haven't been changed, so I suppose
> that's the Samba default that have. I don't want to try randomly
> enabling / disabling posix acls / inherit acls settings...
>
>
> Here's the smb.conf:
>
> [global]
> block size = 4096
> directory mask = 0775
> disable spoolss = yes
> dns proxy = no
> domain master = no
> encrypt passwords = true
> guest account = nobody
> idmap gid = 10000-20000
> idmap uid = 10000-20000
> invalid users = root
> load printers = no
> local master = no
> max log size = 1000
> name resolve order = wins lmhosts host bcast
> nt acl support = yes
> obey pam restrictions = yes
> os level = 20
> panic action = /usr/share/samba/panic-action %d
> passdb backend = tdbsam
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
> *Retype\snew\sUNIX\spassword:* %n\n . passwd program = /usr/bin/passwd
> %u preferred master = no
> preserve case = yes
> printcap name = /dev/null
> printing = bsd
> security = user
> server string = %h server (Samba %v)
> short preserve case = yes
> syslog = 0;
> syslog only = no
> template shell = /bin/false
> unix password sync = yes
> winbind cache time = 10
> winbind enum groups = yes
> winbind enum users = yes
> winbind separator = +
> wins server = 127.0.0.1
> wins support = no
> workgroup = WORKGROUP
> usershare max shares = 0
>
> [Masters]
> writeable = yes
> path = /mnt/raid/Masters

OK, how do you think you are running Samba? As a standalone server or as a Unix domain member?

Your smb.conf seems to be a mixture of the two:

'security = user' == standalone server

        idmap gid = 10000-20000
        idmap uid = 10000-20000
        winbind cache time = 10
        winbind enum groups = yes
        winbind enum users = yes
        winbind separator = +
        wins server = 127.0.0.1

The above lines would only be used on a Unix domain member (an NT4-style domain member), but the last line is curious.

Rowland
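
A small check for the mixed configuration described in the reply above, added here as an example and not part of any post in the thread. The `MEMBER_ONLY` list is an assumption taken from that reply, not an authoritative Samba list, and the function names and sample are constructed for illustration.

```python
# Added example: flag domain-member settings in a 'security = user' smb.conf.
# MEMBER_ONLY comes from the reply in this thread (an assumption, not Samba docs).
MEMBER_ONLY = {"idmapgid", "idmapuid", "winbindcachetime", "winbindenumgroups",
               "winbindenumusers", "winbindseparator", "winsserver"}

def norm(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return "".join(name.split()).lower()

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with normalised names."""
    conf, section, pending = {}, "global", ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
            conf.setdefault(section, {})
        elif "=" in line:
            key, value = line.split("=", 1)  # only the first '=' is significant
            conf.setdefault(section, {})[norm(key)] = value.strip()
    return conf

def mixed_role_settings(text):
    """List member-only parameters present while 'security = user' is set."""
    g = parse_smb_conf(text).get("global", {})
    if g.get("security", "").lower() != "user":
        return []
    return sorted(k for k in g if k in MEMBER_ONLY)

# Constructed sample: a subset of the [global] section posted in the thread,
# with one parameter commented out and one written in mixed case.
SAMPLE = """\
[global]
   security = user
   idmap gid = 10000-20000
   idmap uid = 10000-20000
   Winbind Separator = +
   wins server = 127.0.0.1
   ; winbind cache time = 10
   directory mask = 0775
[Masters]
   path = /mnt/raid/Masters
"""

if __name__ == "__main__":
    for name in mixed_role_settings(SAMPLE):
        print("domain-member setting in standalone config:", name)
```

Parameter names are reported in normalised form (lower case, whitespace removed), which is how the check compares them.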