On Tue, 29 Aug 2023 15:44:35 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! Rowland Penny via samba
> In chel di` si favelave...
>
> >> In samba the share is:
> > I wish people wouldn't do this, if you are going to post a share,
> > please post the global section as well.
>
> Sorry.
>
> # Global parameters
> [global]
> log file = /var/log/samba/log.%M
> map to guest = Bad User
> netbios aliases = CUPSSV FILESV HOMESV
> ntlm auth = mschapv2-and-ntlmv2-only
> panic action = /usr/share/samba/panic-action %d
> printcap name = cups
> realm = AD.FVG.LNF.IT
> security = ADS
> socket options = TCP_NODELAY TCP_KEEPIDLE=240 TCP_KEEPCNT=4
> TCP_KEEPINTVL=15 syslog = 0
> username map = /etc/samba/user.map
> usershare max shares = 0
> winbind offline logon = Yes
> winbind use default domain = Yes
> wins support = Yes
> workgroup = LNFFVG
> spoolss: architecture = Windows x64
> rpc_daemon:spoolssd = fork
> rpc_server:spoolss = external
> idmap config lnffvg : unix_primary_group = yes
> idmap config lnffvg : unix_nss_info = yes
> idmap config lnffvg : schema_mode = rfc2307
> idmap config lnffvg : range = 10000-49999
> idmap config lnffvg : backend = ad
> idmap config * : range = 5000-9999
> idmap config * : backend = tdb
>
> [...]
>
> [FVG]
> comment = Regionale (FVG)
> inherit permissions = Yes
> kernel share modes = No
> map acl inherit = Yes
> path = /
> read only = No
> vfs objects = recycle full_audit glusterfs
> volume = FVG
> full_audit:failure = none
> full_audit:success = mkdir rmdir read pread write pwrite
> rename unlink full_audit:prefix = %S|%d|%I|%M|%u
> recycle:exclude = *.TMP,*.tmp,*.temp,*.o,*.obj,~$*
> recycle:versions = yes
> recycle:keeptree = yes
> recycle:repository = .cestino/%U
> glusterfs:volume = gv0
>
>
> >> vfs objects = recycle full_audit glusterfs
> > Do you have a 'vfs objects' line in global with
'acl_xattr' in it,
> > because if you have, the line above turns it off.
>
> No, i don't have it; as just stated, i'm using direct mapping in
XFS
> POSIX extended ACL, so i don't need acl_xattr, so it is OK that is
> disabled.
Gluster and XFS might be using the POSIX extended ACL, but does Samba
know anything about them ? I do not know, having never used XFS, But I
doubt if Samba does know and use them.
>
>
> >> gluster version 3.8.8-1+deb9u1, samba version
> >> 4.10.18+dfsg-0.1stretch1 .
> > I have to ask, why are you still using Debian stretch ?
> > Hasn't anyone told you it is now EOL ?
>
> yes. Life is complex, Rowland....
Ye, life is very complex, but not that complex that you cannot realise
that upgrading might be a good idea. If you upgrade to Bookworm, you
will get glusterfs 10.3-5 and Samba 4.17.10 , both rather large jumps.
However, it is your setup and you can do as you please, I can only
make suggestions ;-)
>
>
> Anyway, i've not changed the samba configuration, and ACL seems to
> work as expected in POSIX environment (eg, user 'gaio' does not
open
> files in windows, but if i logon to the server, i can safely open it
> in terminal).
>
>
> The really strange things are that:
>
> 1) only preexistant files have the trouble; if i create a file ex
> novo, it worked.
>
> 2) only files are inaccessible, folders works as expected...
>
>
> And no a single complain on logs, also...
>
This seems to point to the old files not having something that the new
files are getting, try comparing all the permissions of and old file
with a new one.
Rowland