Sebastian Neustein
2023-May-25 14:45 UTC
[Samba] vfs_shadow_copy2 cannot read/find snapshots
> Does it make a difference if you re-mount the volume without 'acl' > option? Even otherwise can you try listing the snapshot contents from > the server as a user(and not super user) who in reality tries to list > previous versions from Windows? I feel like it has something to do with > permissions setup for the user accessing the share.It does make a difference! First only when accessing the directory on the server itself as a non priviledged AD user. Without acl I can enter the .snaps dir, with acl I can not. Using Windows I wasn't able to access the privious version, but remembering Alexanders comment I could fix that aswell! So my share looks like this now: [projects] ??????? path = /srv/glvol_samba/admin/projects ??????? comment = ARC Projekte ??????? guest ok = no ??????? read only = no ??????? shadow:snapdir = /srv/glvol_samba/admin/projects/.snaps ??????? shadow:basedir = /srv/glvol_samba/admin/projects ??????? shadow:sort = desc ??????? vfs objects = acl_xattr shadow_copy2 glusterfs_fuse ??????? shadow:format = snap_GMT-%Y.%m.%d-%H.%M.%S And my mounting unit looks like this: [Unit] Description=Data Dir After=network.target Requires=network-online.target [Mount] What=B741:/glvol_samba Where=/srv/glvol_samba Type=glusterfs Options=defaults,_netdev,negative-timeout=10,attribute-timeout=30,fopen-keep-cache,direct-io-mode=enable [Install] WantedBy=multi-user.target Now I have to test if the missing acl options has any influence on the windows acls. Best regards and a big big Thank you! Regards Sebastian -- Sebastian Neustein Airport Research Center GmbH Bismarckstra?e 61 52066 Aachen Germany Phone: +49 241 16843-23 Fax: +49 241 16843-19 e-mail: sebastian.neustein at arc-aachen.de Website: http://www.airport-consultants.com Register Court: Amtsgericht Aachen HRB 7313 Ust-Id-No.: DE196450052 Managing Director: Dipl.-Ing. Tom Alexander Heuer
On Thu, 2023-05-25 at 16:45 +0200, Sebastian Neustein wrote:> > Does it make a difference if you re-mount the volume without 'acl' > > option? Even otherwise can you try listing the snapshot contents > > from the server as a user(and not super user) who in reality tries > > to list previous versions from Windows? I feel like it has > > something to do with permissions setup for the user accessing the > > share. > > It does make a difference! First only when accessing the directory on > the server itself as a non priviledged AD user. Without acl I can > enter the .snaps dir, with acl I can not. > > Using Windows I wasn't able to access the privious version, but > remembering Alexanders comment I could fix that aswell!Hm.. that would require your snapshots to always start with "snap" and not "snap1" or "snap101" etc. But I do think 'snapprefix' option to vfs_shadow_copy2 module is working as expected(at least for me).> Now I have to test if the missing acl options has any influence on > the windows acls.Since you have also stacked 'acl_xattr' vfs module, windows ACLs should not get affected as they are stored as "security.NTACL" extended attribute. If all users are expected to access the share via Samba you can even think of setting "acl_xattr:ignore system acls = yes" option for respective shares. More details on vfs_acl_xattr, see man page https://www.samba.org/samba/docs/current/man-html/vfs_acl_xattr.8.html Regards, Anoop C S.