samba - Nov 2021 - Read Only files, Extended Attributes and Microsoft Office Documents

On Thu, 2021-11-11 at 12:24 +0000, Paul Littlefield via samba
wrote:
> Hello Samba gurus,
> 
> Hope you can help.
> 
> A server that has been fine for years, is now causing a small
> problem.
> 
> Staff cannot open a Microsoft Word or Excel file to re-edit it if
> someone else has created it.
> 
> This WAS possible and was working fine before a recent Ubuntu server
> update.
> 
> The error shown in Word or Excel is 'file compatibility mode -
> opening as read only'.
> 
> To debug this, they created a test folder and saved both a simple
> text file and a Word document in the folder.
> 
> If they go to another computer and edit the text file it works with
> no problem.
> 
> If they go to another computer and edit the Word document, it does
> not work as before.
> 
> Here is the output of 'testparm -s' from Samba version
4.3.11-Ubuntu
Samba 4.3.11 is dead as far as Samba is concerned, I suggest you
upgrade, if you do have a problem, you have no chance of getting it
fixed in that version and it may have been fixed in a later version.
 
> ...
> 
> 
> [global]
> 	workgroup = SANITISED
> 	server string = %h server (Samba, Ubuntu)
> 	server role = standalone server
> 	map to guest = Bad User
> 	obey pam restrictions = Yes
> 	passdb backend = smbpasswd
> 	pam password change = Yes
> 	passwd program = /usr/bin/passwd %u
> 	username map = /etc/samba/username_map.txt
> 	unix password sync = Yes
> 	syslog = 0
> 	log file = /var/log/samba/log.%m
> 	max log size = 1000
> 	load printers = No
> 	domain master = No
> 	dns proxy = No
> 	usershare allow guests = Yes
> 	panic action = /usr/share/samba/panic-action %d
> 	idmap config * : backend = tdb
> 	printing = bsd
> 
> [homes]
> 	comment = Home Directories
> 	read only = No
> 	browseable = No
> 
> [shared]
> 	comment = Shared file space
> 	path = /home/samba/shared
> 	force group = users
> 	group = users
> 	read only = No
> 	create mode = 0664
> 	force create mode = 0664
> 	directory mode = 0775
> 	force directory mode = 0775
> 	inherit permissions = Yes
> 	guest ok = Yes
> 
> 
> Here is the directory listing as seen from the Linux shell ...
> 
> drwxrwxr-x   2  jbloggs   users 4.0K 2021-11-10 17:41 Penguin    <--
> folder permissions
> 
> -rwxrwxr--+  1  jsmith    users  22K 2021-11-10 17:40 Hello hello
> hello.doc
> -rw-rw-r--   1  jbloggs   users   29 2021-11-10 17:39 Test 2.txt
> 
> 
> I spotted a + symbol at the end of the Word document and some other
> files on the server.
That '+' shows that extended ACL's exist, you can see these with
'getfacl'
> 
> Desktops are all on Windows 10 Professional and fully patched.
Are they members of a domain ? If so, why are you running Samba as a
standalone server ?

Rowland

On 11/11/2021 12:49, Rowland Penny via samba wrote:
> Samba 4.3.11 is dead as far as Samba is concerned, I suggest you upgrade,
if you do have a problem, you have no chance of getting it fixed in that version
and it may have been fixed in a later version.
Noted.

However, I am still left with the fact that this issue was not a problem for
Samba 4.3.x on this server for years.

> That '+' shows that extended ACL's exist, you can see these
with 'getfacl'.
Thanks, here is the output of 'getfacl' on the test folder...

# file: /home/samba/shared/Penguin/
# owner: jbloggs
# group: users
user::rwx
group::rwx
other::r-x

# file: /home/samba/shared/Penguin/Hello hello hello.doc
# owner: jsmith
# group: users
user::rwx
user:jsmith:rwx
group::r--
group:users:r--
mask::rwx
other::r--

# file: /home/samba/shared/Penguin/Test 2.txt
# owner: jbloggs
# group: users
user::rw-
group::rw-
other::r--

I notice that the TXT file does not have any extended ACL information and yet
was created from a Windows desktop, just like the Word document.

I also notice that the DOC file has group permissions of read only.

So, that answers _that_ one.

How do I stop ACL?!

> Are they members of a domain ? If so, why are you running Samba as a
standalone server ?
No. That's all that is needed for this company.

They have Windows 10 Professional instead of Home for various reasons but have
had this since day 1.

The ONLY thing I can think of is that they have changed their version of
Microsoft Office to 365 (or whatever they call it nowadays :) recently and
that's what's adding the ACL?

I am clutching at straws here and would appreciate any suggestions!

Thanks.

Regards,

-- 

Paul Littlefield

Telephone: 07801 125705
Email: info at paully.co.uk
Wiki: http://wiki.indie-it.com/wiki/Special:AllPages
LinkedIn: https://www.linkedin.com/in/paullittlefield

Paul Littlefield is environmentally responsible. Please consider the environment
before printing this email. This email and any attachment is intended for the
named addressee only, or person authorised to receive it on their behalf. The
content should be treated as confidential and the recipient may not disclose
this message or any attachment to anyone else without authorisation. If this
transmission is received in error please notify the sender immediately and
delete this message from your email system. All electronic transmissions to and
from me are recorded and may be monitored. Finally, the recipient should check
this email and any attachments for viruses. Paul Littlefield accepts no
liability for any damage caused by any virus transmitted by this email.

Linux Mint 20.2 (x86_64)

Tmesis is a linguistic phenomenon in which a word or phrase is separated into
two parts, with other words interrupting between them... well,
abso-blooming-lutely.