Displaying 20 results from an estimated 56 matches for "nfs_aces".
2017 Jan 23
3
vfs_fruit 'other' create mode different than parent
...the global or a share section?
Thanks for the hint! After putting it in the global options the
create mode mimics the parent directory as one would expect from
"
inherit permissions = yes
inherit acls = yes
"
If possible it would be less dangerous (securitywise) not to have
fruit:nfs_aces setting interact with 'inherit permissions' and 'inherit
acls'.
Or at least the default setting of nfs_aces should not interact with a
big warning/explanation of how changing to nfs_aces = yes will interact.
Thanks again!
Chad.
2017 Jan 23
3
vfs_fruit 'other' create mode different than parent
...ng it in the global options the create
>> mode mimics the parent directory as one would expect from
>> "
>> inherit permissions = yes
>> inherit acls = yes
>> "
>>
>> If possible it would be less dangerous (securitywise) not to have
>> fruit:nfs_aces setting interact with 'inherit permissions' and 'inherit
>> acls'.
>>
>> Or at least the default setting of nfs_aces should not interact with a big
>> warning/explanation of how changing to nfs_aces = yes will interact.
>
> well, the thing is, inheritan...
2015 Oct 06
0
Trying to understand vfs_fruit's nfs_aces option
...gt; the directory browsing performance of Mac clients. After enabling it some of
> our tests began failing due to an "The permissions on x are incorrectly
> ordered" error on Windows.
Which tests?
> I chased it down to a behavior in vfs_fruit that is enabled by the
> fruit:nfs_aces config option. The manpage section for this option
> says:
>
> > Whether support for querying and modifying the UNIX mode of
> > directory entries via NFS ACEs is enabled, default yes.
>
> I took a brief look at the module's source and sure enough it looks to be
>...
2017 Jan 23
1
vfs_fruit 'other' create mode different than parent
> well, the thing is, inheritance works as designed with fruit:nfs_aces=yes, it's
> just that the client changes permissions *after* the fact...
How icky. Is it b/c mac's don't understand the Linux (posix?) extended
acl? I suppose Samba cannot tell when the client is changing the
permissions as a misunderstanding versus purposefully? E.g. is the
p...
2016 Nov 14
2
vfs_fruit 'other' create mode different than parent
...the "other" mode is 'r--' (file) or 'r-x' (directory)
even though the parent directory is '---'.
On Windows, Linux, and Macintosh with vfs_fruit not loaded all create
files and directories with mode for other set to '---'.
I've tried 'fruit:nfs_aces = no' with no change.
Any ideas?
Chad.
Samba version:
4.2.10+dfsg-0+deb8u3
# Global parameters
[global]
workgroup = PHYSICS
realm = PHYSICS.WISC.EDU
server string = %h server
security = ADS
map to guest = Bad User
kerberos method = sec...
2017 Jan 23
0
vfs_fruit 'other' create mode different than parent
...reate
> >>mode mimics the parent directory as one would expect from
> >>"
> >>inherit permissions = yes
> >>inherit acls = yes
> >>"
> >>
> >>If possible it would be less dangerous (securitywise) not to have
> >>fruit:nfs_aces setting interact with 'inherit permissions' and 'inherit
> >>acls'.
> >>
> >>Or at least the default setting of nfs_aces should not interact with a big
> >>warning/explanation of how changing to nfs_aces = yes will interact.
> >
> >wel...
2024 Jan 24
1
Share access permission errors after upgrade from 4.12.14
...ons = No
> wide links = Yes
> use sendfile = Yes
> host msdfs = No
>
> # ease upgrades from Samba 3.6
> acl allow execute always = Yes
> # permit NTLMv1 authentication
> ntlm auth = Yes
>
> # default global fruit settings:
> #fruit:aapl = Yes
> #fruit:nfs_aces = Yes
> fruit:nfs_aces = No
> #fruit:copyfile = No
> #fruit:model = MacSamba
>
> # hook for user-defined samba config
> include = /boot/config/smb-extra.conf
>
> # auto-configured shares
> include = /etc/samba/smb-shares.conf
>
> smb-names.conf (clean inst...
2016 Apr 30
1
File permissions change after implementing vfs_fruit
...it:metadata = stream
That seems to have made no difference. I then changed the create mode in a share I was testing on
from:
create mode = 0660
to:
force create mode = 0760
That had the effect of instead of making files --rwx--+ they’d come up as -r--rwxr--+.
What am I missing here? Would fruit:nfs_aces = no be the way forward? Is the order I list my vfs objects in problematic?
Cheers,
tack
2024 Jan 24
1
Share access permission errors after upgrade from 4.12.14
...# Pardon ? 3.6 Died 8 years ago
> acl allow execute always = Yes
> # permit NTLMv1 authentication
> ntlm auth = Yes # Why ?
>
> # default global fruit settings: # Non of which will have any affect because non of the apple vfs objects are turned on.
> #fruit:aapl = Yes
> #fruit:nfs_aces = Yes
> fruit:nfs_aces = No
> #fruit:copyfile = No
> #fruit:model = MacSamba
>
> It is for a standalone server.
>
> Can you please join it to the domain and then post the new smb.conf , I
> am looking to see what the default idmap backend is for the domain.
>
> Rowland...
2024 Jan 23
1
Share access permission errors after upgrade from 4.12.14
...write size = 0
# misc.
invalid users = root
unix extensions = No
wide links = Yes
use sendfile = Yes
host msdfs = No
# ease upgrades from Samba 3.6
acl allow execute always = Yes
# permit NTLMv1 authentication
ntlm auth = Yes
# default global fruit settings:
#fruit:aapl = Yes
#fruit:nfs_aces = Yes
fruit:nfs_aces = No
#fruit:copyfile = No
#fruit:model = MacSamba
# hook for user-defined samba config
include = /boot/config/smb-extra.conf
# auto-configured shares
include = /etc/samba/smb-shares.conf
smb-names.conf (clean install)
# Generated names
netbios name = Tower
server s...
2024 Jan 25
1
Share access permission errors after upgrade from 4.12.14
...cap name = /dev/null
realm = TESTLAB.COM
security = ADS
server string = Media server
show add printer wizard = No
smb1 unix extensions = No
winbind use default domain = Yes
workgroup = TESTLAB
idmap config testlab : range = 10000-999999
idmap config testlab : backend = rid
fruit:nfs_aces = No
idmap config * : range = 3000-7999
idmap config * : backend = tdb
hide dot files = No
include = /etc/samba/smb-shares.conf
invalid users = root
map acl inherit = Yes
use sendfile = Yes
vfs objects = acl_xattr
wide links = Yes
[PrivateShare]
path = /mnt/user/PrivateShare...
2015 Jun 17
2
macos finder error 36 when copy folder to samba 4.2.2
...o
usershare max shares = 0
unix extensions = no
wide links = no
encrypt passwords = true
guest account = nobody
logon path =
hide special files = no
printcap name = cups
use sendfile = true
vfs object = catia fruit streams_xattr acl_xattr
fruit:nfs_aces = no
reset on zero vc = yes
#======================= Share Definitions =======================
[test-volume]
path = /daten/pv50/test-volume
valid users = @support
admin users = @support
read only = no
inherit permissions = yes
inherit acls = yes
map...
2015 Jun 18
2
macos finder error 36 when copy folder to samba 4.2.2
...ide links = no
>> encrypt passwords = true
>> guest account = nobody
>> logon path =
>> hide special files = no
>> printcap name = cups
>> use sendfile = true
>> vfs object = catia fruit streams_xattr acl_xattr
>> fruit:nfs_aces = no
>> reset on zero vc = yes
>>
>> #======================= Share Definitions =======================
>>
>> [test-volume]
>> path = /daten/pv50/test-volume
>> valid users = @support
>> admin users = @support
>> read onl...
2015 Jul 31
1
vfs fruit unable to create xattr and ACL from OS X 10.10.4
...r -l. Nothing is there.
> As expected, afair the client doesn't support modifyint ACLs on an smb
> mount. Have you verified this works against an Apple SMB server?
I didn’t know that. I confirm client can’t do this with Apple SMB server either.
Thank you for info.
>> fruit:nfs_aces = yes
>> fruit:veto_appledouble = yes
>
> fwiw, I'd remove anything that is the default.
Are there any possible problems with this approach apart from convention/cleaner config?
Our Samba admin prefers it this way.
> man setfattr
admin-apple # touch test.txt
admin-apple...
2018 Jun 26
1
4.5 -> 4.8 samba fails to start
...og.%m
map to guest = Bad User
max log size = 100000
panic action = /usr/share/samba/panic-action %d
realm = YOUR.KERB.REALM
security = USER
server signing = required
server string = %h server
workgroup = MYWORKGR
fruit:nfs_aces = no
idmap config * : backend = tdb
--------------------------------------------
sssd.conf
[sssd]
config_file_version = 2
services = nss, pam
debug_level = 7
domains = YOUR.KERB.REALM
[nss]
filter_groups = root
filter_users = root
debug_level = 7
[pam]
debug_level = 7
[domain/YOUR.KERB....
2024 Jan 24
1
Share access permission errors after upgrade from 4.12.14
...alm = TESTLAB.COM
> security = ADS
> server min protocol = SMB2
> server multi channel support = No
> server string = Media server
> show add printer wizard = No
> smb1 unix extensions = No
> winbind use default domain = Yes
> workgroup = TESTLAB
> fruit:nfs_aces = No
> idmap config * : range = 10000-4000000000
> idmap config * : backend = hash
That is what I was looking for, the default 'idmap config' is set to
'hash', which shouldn't be used. Especially as it says 'idmap_hash - DO
NOT USE THIS BACKEND' at the top of...
2019 Jul 26
1
vfs_recycle throwing errors when files are deleted by a Mac on a share with vfs_fruit enabled
...4
hosts allow = 127. 192.168.0.
hostname lookups = yes
log file = /var/log/samba/samba.log.%m
max log size = 50
security = user
passdb backend = tdbsam
guest account = nobody
load printers = no
fruit:aapl = yes
fruit:nfs_aces = no
unix extensions = no
[User]
comment = User Files
path = /share/samba/user
directory mask = 0775
create mask = 0774
force directory mode = 0775
force create mode = 0774
writable = yes
browseable = yes
guest ok = no...
2015 Jul 28
2
vfs fruit unable to create xattr and ACL from OS X 10.10.4
...t streams_xattr
fruit:resource = file
fruit:metadata = netatalk
fruit:locking = none
fruit:encoding = private
fruit:aapl = yes
readdir_attr:aapl_rsize = true
readdir_attr:aapl_finder_info = true
readdir_attr:aapl_max_access = true
fruit:nfs_aces = yes
fruit:veto_appledouble = yes
Problem -> OS X clients are unable to create new extended attributes (and ACLs) with exception of ResourceFork and FinderInfo which are handled directly by vfs_fruit and saved to internal AppleDouble file.
When I try to create new custom extended attri...
2024 Jan 19
1
Share access permission errors after upgrade from 4.12.14
On Fri, 19 Jan 2024 10:12:12 +0000
Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Tue, 16 Jan 2024 23:28:24 +0000
> unraidster via samba <samba at lists.samba.org> wrote:
>
> > On Tuesday, 16 January 2024 at 09:46, Rowland Penny via samba
> > <samba at lists.samba.org> wrote:
> >
> > > As far as I can see, unraid is based on
2018 Jun 18
0
4.5 -> 4.8 samba fails to start
...size = 100000
syslog = 0
panic action = /usr/share/samba/panic-action %d
kerberos method = secrets and keytab
map to guest = Bad User
security = ADS
server signing = required
hostname lookups = Yes
dns proxy = No
fruit:nfs_aces = no
idmap config * : backend = tdb
[LabSoftware]
path = /srv/smb/LabSoftware
guest ok = Yes
hosts allow = blah blay blax
smb encrypt = No
[monitor]
path = /srv/monitor
browseable = No
read only = No
vfs objects = b...