Re: [Samba] Losing Permissions of Files
Thanks everyone. The changes suggested seems to have done the trick. Tanveer -- View this message in context: http://samba.2283325.n4.nabble.com/Losing-Permissions-of-Files-tp4649847p4650904.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Losing Permissions of Files
On Tue, 2013-06-18 at 12:37 +1000, Andrew Bartlett wrote: On Wed, 2013-06-12 at 16:37 -0700, bogdan_bartos wrote: Are these directives working for samba 4??? This looks like samba 3 to me. We need a fix for samba 4... Samba 4.0 uses largely the same parameter set as Samba 3.x, because it really is just the next version of Samba as far as the file server is concerned. The main distinction in the case of the AD DC is that we set some defaults differently in that mode. That is, we set: map archive = No map readonly = no store dos attributes = Yes vfs objects = dfs_samba4, acl_xattr And these are defaults in all modes: map system = no map hidden = no I hope this helps clarify things. I wonder if the issue is that the file system being used by the OP does not have extended attributes enabled at mount time. If they don't then Samba of whatever version is not able to store the DOS attributes in files extended attributes and Office 2007/2010 will still get confused and do the wrong thing. Remember ext3 and ext4 file systems have to be explicitly mounted with extended attributes enabled, where as XFS always has them enabled. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Losing Permissions of Files
On 06/18/2013 09:49 AM, Jonathan Buzzard wrote: On Tue, 2013-06-18 at 12:37 +1000, Andrew Bartlett wrote: On Wed, 2013-06-12 at 16:37 -0700, bogdan_bartos wrote: Are these directives working for samba 4??? This looks like samba 3 to me. We need a fix for samba 4... Samba 4.0 uses largely the same parameter set as Samba 3.x, because it really is just the next version of Samba as far as the file server is concerned. The main distinction in the case of the AD DC is that we set some defaults differently in that mode. That is, we set: map archive = No map readonly = no store dos attributes = Yes vfs objects = dfs_samba4, acl_xattr And these are defaults in all modes: map system = no map hidden = no I hope this helps clarify things. I wonder if the issue is that the file system being used by the OP does not have extended attributes enabled at mount time. If they don't then Samba of whatever version is not able to store the DOS attributes in files extended attributes and Office 2007/2010 will still get confused and do the wrong thing. Remember ext3 and ext4 file systems have to be explicitly mounted with extended attributes enabled, where as XFS always has them enabled. JAB. I use a little script to test extended attributes and acls on new systems. Attached. Rename it from .txt to .sh after downloading. Gerry #!/bin/bash CD=$(pwd) cd /var/tmp # TEST EXTENDED ATTRIBUTES echo -n extended attributes: TESTFILE=extendedattrtest.txt touch $TESTFILE setfattr -n user.test -v test $TESTFILE setfattr -n security.test -v test2 $TESTFILE if [ $(getfattr -n user.test -d $TESTFILE --only-values) == test -a $(getfattr -n security.test -d $TESTFILE --only-values) == test2 ]; then echo PASS else echo FAIL fi ### getfattr -d $TESTFILE rm $TESTFILE # TEST ACLS echo -nacls: TESTFILE=acttest.txt touch $TESTFILE setfacl -m g:adm:rwx $TESTFILE if [ $(getfacl -t $TESTFILE | sed -e s/[ ]*$// -e s/[ ][ ]*/ /g | grep adm) == group adm rwx ];then echo PASS else echo FAIL fi ### getfacl -t $TESTFILE rm $TESTFILE cd $CD -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Losing Permissions of Files
Hallo, I wrote am 16.06.13: [...] The solution required the correct storage of the DOS attributes, the appropriate configuration lines are # store DOS attributes in extended attributes ea support = yes store dos attributes = yes map readonly = no map archive = no map system = no map hidden = no You need to make sure that your file system is mounted with extended attributes as well. In my case: all these options are set (in the [global] paragraph). The share is included with [WinUpdate] comment = Update Windows path= /srv/CDs/Update read only = no public = yes read list = @schueler, @lehrer, @fachl, @adm write list = @lehrer, @adm wide links = no create mask = 0755 directory mask = 1755 # AND force directory mode= 0755 # OR inherit permissions = yes map archive = no # The directory /srv/CDs is an ext3 partition, mounted with user_xattr. Reading in this share is no problem, writing too. Only executing something like *.vbs or *.cmd or *.exe produces under Samba4 (Samba3 mode, using smbd and nmbd like samba-3.6.x) the error message (in german, on my machine) Auf das angegebene Gerät bzw. den Pfad oder die Datei kann nicht zugegriffen werden. Sie verfügen eventuell nicht über ausreichende Berechtigungen, um auf das Element zugreifen zu können. That message is a bit different from that messages Tanveer showed: You do not have permission to view or edit this object's permission settings. Viewing is (in my case) possible, editing too - at least with *.vbs and *.cmd. p.e. file update.cmd @echo off cd /D %~dp0cmd start DoUpdate.cmd %* Only executing produces the above mentioned error message. When I run Samba-3.6.8 (or older): all works fine. -- Maybe I've solved this problem. Running with log level 3 showed [2013/06/17 16:38:30.731946, 3] ../source3/smbd/ error.c:82(error_packet_set) NT error packet at ../source3/smbd/error.c(165) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED [2013/06/17 16:38:30.732671, 3] ../source3/smbd/process.c:1794(process_smb) Transaction 439918 of length 126 (0 toread) [2013/06/17 16:38:30.732909, 3] ../source3/smbd/process.c:1397(switch_message) switch message SMBntcreateX (pid 3997) conn 0x8060478 [2013/06/17 16:38:30.733102, 3] ../source3/smbd/vfs.c:1118(check_reduced_name) check_reduced_name [client/Update.cmd] [/srv/CDs/Update] [2013/06/17 16:38:30.733316, 3] ../source3/smbd/vfs.c:1248(check_reduced_name) check_reduced_name: client/Update.cmd reduced to /srv/CDs/Update/client/Update.cmd [2013/06/17 16:38:30.733625, 2] ../source3/smbd/dosmode.c:92(unix_mode) unix_mode(client/Update.cmd) inheriting from client [2013/06/17 16:38:30.733796, 2] ../source3/smbd/dosmode.c:115(unix_mode) unix_mode(client/Update.cmd) inherit mode 40755 [2013/06/17 16:38:30.733892, 3] ../source3/smbd/dosmode.c:160(unix_mode) unix_mode(client/Update.cmd) returning 0644 [2013/06/17 16:38:30.735209, 3] ../source3/smbd/error.c:82(error_packet_set) NT error packet at ../source3/smbd/error.c(165) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED --- The problem seems to be that samba4 (running in samba3 mode) expects an executable file (inherit mode) but the file Update.cmd had (under Linux) no executable flag. Under Samba 3.6 and older: no problem. When I changed the linux rights to 755 all worked fine. Is that a desired behaviour, or is that an error? Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Losing Permissions of Files
On Mon, 2013-06-17 at 17:02 +0200, Helmut Hullen wrote: [SNIP] The problem seems to be that samba4 (running in samba3 mode) expects an executable file (inherit mode) but the file Update.cmd had (under Linux) no executable flag. Under Samba 3.6 and older: no problem. When I changed the linux rights to 755 all worked fine. Is that a desired behaviour, or is that an error? This is probably a *different* error that the one the OP is seeing. The OP is seeing an error where you save a document on a group share that belongs to someone else. Office attempts to replicate the permissions on the new file gets confused by the various DOS attributes not working quite like they do on a real Windows file server resulting in messed up permissions. Specifically the person saving the file owns the file but has no permissions to actually access the file. It only happens with Office 2007/2010 and only if you are using ACL's on the share, and then only if the DOS attributes are being mapped onto Unix permissions rather than being stored separately in the files extended attributes. This is all in Samba 3.5/3.6 as far as my testing goes. Operating in a higher educational environment there is no reason to move to Samba 4.x yet. Samba 3.6 is just fine for serving files and campus agreements make running real Active Directory servers very cheap. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Losing Permissions of Files
On Wed, 2013-06-12 at 16:37 -0700, bogdan_bartos wrote: Are these directives working for samba 4??? This looks like samba 3 to me. We need a fix for samba 4... Samba 4.0 uses largely the same parameter set as Samba 3.x, because it really is just the next version of Samba as far as the file server is concerned. The main distinction in the case of the AD DC is that we set some defaults differently in that mode. That is, we set: map archive = No map readonly = no store dos attributes = Yes vfs objects = dfs_samba4, acl_xattr And these are defaults in all modes: map system = no map hidden = no I hope this helps clarify things. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Losing Permissions of Files
Hallo, Jonathan, Du meintest am 12.06.13: Here is the information that you requested. When I say that all permissions on a file are lost, this is at the windows level. In Windows Explorer, we go to open the file in the default program, we get an Access denied. Contact your administrator. error. [...] The solution required the correct storage of the DOS attributes, the appropriate configuration lines are # store DOS attributes in extended attributes ea support = yes store dos attributes = yes map readonly = no map archive = no map system = no map hidden = no You need to make sure that your file system is mounted with extended attributes as well. In my case: all these options are set (in the [global] paragraph). The share is included with [WinUpdate] comment = Update Windows path= /srv/CDs/Update read only = no public = yes read list = @schueler, @lehrer, @fachl, @adm write list = @lehrer, @adm wide links = no create mask = 0755 directory mask = 1755 # AND force directory mode= 0755 # OR inherit permissions = yes map archive = no # The directory /srv/CDs is an ext3 partition, mounted with user_xattr. Reading in this share is no problem, writing too. Only executing something like *.vbs or *.cmd or *.exe produces under Samba4 (Samba3 mode, using smbd and nmbd like samba-3.6.x) the error message (in german, on my machine) Auf das angegebene Gerät bzw. den Pfad oder die Datei kann nicht zugegriffen werden. Sie verfügen eventuell nicht über ausreichende Berechtigungen, um auf das Element zugreifen zu können. That message is a bit different from that messages Tanveer showed: You do not have permission to view or edit this object's permission settings. Viewing is (in my case) possible, editing too - at least with *.vbs and *.cmd. p.e. file update.cmd @echo off cd /D %~dp0cmd start DoUpdate.cmd %* Only executing produces the above mentioned error message. When I run Samba-3.6.8 (or older): all works fine. Who or what blocks the execute right with samba4 but not in samba-3.6? Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Losing Permissions of Files
ea support = yes store dos attributes = yes map readonly = no map archive = no map system = no map hidden = no Should all this config directives be present under the [global] tag? -- View this message in context: http://samba.2283325.n4.nabble.com/Losing-Permissions-of-Files-tp4649847p4649905.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Losing Permissions of Files
Are these directives working for samba 4??? This looks like samba 3 to me. We need a fix for samba 4... -- View this message in context: http://samba.2283325.n4.nabble.com/Losing-Permissions-of-Files-tp4649847p4649906.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Losing Permissions of Files
Hallo, Tanveer, Du meintest am 11.06.13: Here is the information that you requested. When I say that all permissions on a file are lost, this is at the windows level. In Windows Explorer, we go to open the file in the default program, we get an Access denied. Contact your administrator. error. When I right click on the file and goto Properties - Security, I get a You do not have permission to view or edit this object's permission settings. This usually happens after someone has edited the file. It is not one individual or group that has this issue. It could be anyone within the organization. These files are mostly Microsoft Office files (xls, ppt, and doc). Seems to be a problem which is related to (with? please excuse my gerlish) Samba4. I've seen this error when I run a *.cmd file under Samba 4.06 (Samba3 mode). Running the same file under Samba 3.6.8: no problem. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Losing Permissions of Files
On Tue, 2013-06-11 at 20:22 -0600, Tanveer Virani wrote: Hi Marc, Here is the information that you requested. When I say that all permissions on a file are lost, this is at the windows level. In Windows Explorer, we go to open the file in the default program, we get an Access denied. Contact your administrator. error. When I right click on the file and goto Properties - Security, I get a You do not have permission to view or edit this object's permission settings. This usually happens after someone has edited the file. It is not one individual or group that has this issue. It could be anyone within the organization. These files are mostly Microsoft Office files (xls, ppt, and doc). Hum, seen this been there. Basically Office goes through a complicated dance when you save a file. First it saves the file with a random name. Then it attempts to replicate the permissions from the old file onto the new file. Then it renames the original file to something random, before renaming the new file to have the original name. Finally it deletes the old file. The step that is going wrong is the attempt to replicate the permissions of the old file onto the new file. Roughly what is happening is the person saving the file does not have permissions to do anything with the file. The original owner of the file however does. For users sharing documents on a group share it makes the whole thing pointless. I came across this using Samba 3.5.x with a GPFS file system using NFSv4 ACL's to store permissions. Though I replicated it with Posix ACL's on an ext3 file system for good measure. It only occurs with Office 2007 and later. It was not picked up in initial testing because at the time we where still on Office 2003. Then an upgrade to Office 2010 was rolled out and the problems started. The solution required the correct storage of the DOS attributes, the appropriate configuration lines are # store DOS attributes in extended attributes ea support = yes store dos attributes = yes map readonly = no map archive = no map system = no map hidden = no You need to make sure that your file system is mounted with extended attributes as well. By default Samba attempts to map these attributes onto the permissions and this confuses the hell out of Office's permission replication stage. By storing this in the extended attributes it all starts working (note with GPFS if you use the vfs_gpfs module they actually get stored in the file system proper). It also has the added bonus that things like Thumbs.db files get the hidden bit set and don't show up in Windows Explorer. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Losing Permissions of Files
Thanks. I've made the changes. Just waiting for a maintenance window to restart the SAMBA service. Tanveer On Wed, Jun 12, 2013 at 6:39 AM, Jonathan Buzzard jonat...@buzzard.me.ukwrote: On Tue, 2013-06-11 at 20:22 -0600, Tanveer Virani wrote: Hi Marc, Here is the information that you requested. When I say that all permissions on a file are lost, this is at the windows level. In Windows Explorer, we go to open the file in the default program, we get an Access denied. Contact your administrator. error. When I right click on the file and goto Properties - Security, I get a You do not have permission to view or edit this object's permission settings. This usually happens after someone has edited the file. It is not one individual or group that has this issue. It could be anyone within the organization. These files are mostly Microsoft Office files (xls, ppt, and doc). Hum, seen this been there. Basically Office goes through a complicated dance when you save a file. First it saves the file with a random name. Then it attempts to replicate the permissions from the old file onto the new file. Then it renames the original file to something random, before renaming the new file to have the original name. Finally it deletes the old file. The step that is going wrong is the attempt to replicate the permissions of the old file onto the new file. Roughly what is happening is the person saving the file does not have permissions to do anything with the file. The original owner of the file however does. For users sharing documents on a group share it makes the whole thing pointless. I came across this using Samba 3.5.x with a GPFS file system using NFSv4 ACL's to store permissions. Though I replicated it with Posix ACL's on an ext3 file system for good measure. It only occurs with Office 2007 and later. It was not picked up in initial testing because at the time we where still on Office 2003. Then an upgrade to Office 2010 was rolled out and the problems started. The solution required the correct storage of the DOS attributes, the appropriate configuration lines are # store DOS attributes in extended attributes ea support = yes store dos attributes = yes map readonly = no map archive = no map system = no map hidden = no You need to make sure that your file system is mounted with extended attributes as well. By default Samba attempts to map these attributes onto the permissions and this confuses the hell out of Office's permission replication stage. By storing this in the extended attributes it all starts working (note with GPFS if you use the vfs_gpfs module they actually get stored in the file system proper). It also has the added bonus that things like Thumbs.db files get the hidden bit set and don't show up in Windows Explorer. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Losing Permissions of Files
This could be the same problem I am experiencing. My users are editing some excel files with office 2010. The files lock and lose permissions. The only way to fix this is to move out the file and move it back in, so it resets the file permissions with administrator. This has probably something to do with the oplocks. I am also experiencing the issue with samba 4.0.6 as a dc on fedora 18 x64. -- View this message in context: http://samba.2283325.n4.nabble.com/Losing-Permissions-of-Files-tp4649847p4649890.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Losing Permissions of Files
Actually, I got a few calls from users and other files types lock as well. Like image files and stuff. This is a 4.0.6 bug for sure!!! Can you guys see what this is caused by and get a patch in? -- View this message in context: http://samba.2283325.n4.nabble.com/Losing-Permissions-of-Files-tp4649847p4649893.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Losing Permissions of Files
Hi, I have a OpenSuse 12.2 system running Samba 4.0.6 (compiled from source). Every once in a while, we run into an issue where all permissions on a file are lost. I've checked the ACLs, and they seem fine. The only way to get permissions back is to copy the file to a new name, remove the old file, and rename the file back to the original name. Can anyone help solve this issue? My smb.conf follows: # Global parameters [global] workgroup = X realm = X netbios name = X server role = active directory domain controller dns forwarder = 555.555.555.555 dns forwarder = 555.555.555.666 [netlogon] path = /usr/local/samba/var/locks/sysvol/X/scripts read only = No browseable = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No browseable = No ## Samba shares [data] comment = General Company data path = /STR/corp/data read only = No [projects] comment = Projects path = /STR/corp/projects read only = No thanks, Tanveer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Losing Permissions of Files
Hello Tanveer, Am 11.06.2013 21:41, schrieb Tanveer Virani: I have a OpenSuse 12.2 system running Samba 4.0.6 (compiled from source). Every once in a while, we run into an issue where all permissions on a file are lost. I've checked the ACLs, and they seem fine. The only way to get permissions back is to copy the file to a new name, remove the old file, and rename the file back to the original name. Can anyone help solve this issue? - What exactly do you mean by all permissions on a file are lost? - Can you show the 'getfacl' output on such a file, before and after? - If permissions getting lost, did someone edit the file? - Does it happen only on a special kind of files? - etc. Please give some more information on the issue. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Losing Permissions of Files
Hi Marc, Here is the information that you requested. When I say that all permissions on a file are lost, this is at the windows level. In Windows Explorer, we go to open the file in the default program, we get an Access denied. Contact your administrator. error. When I right click on the file and goto Properties - Security, I get a You do not have permission to view or edit this object's permission settings. This usually happens after someone has edited the file. It is not one individual or group that has this issue. It could be anyone within the organization. These files are mostly Microsoft Office files (xls, ppt, and doc). ACLs of file with permissions lost: #getfacl BS June 11.2013.xlsx # file: BS June 11.2013.xlsx # owner: 359 # group: users user::rwx user:root:rwx group::--- group:wheel:rwx group:users:--- group:307:rwx group:359:rwx group:364:rwx mask::rwx other::--- ACLs after I copy the file (cp -pr file newfile) getfacl BS June 11.2013.xlsx.new # file: BS June 11.2013.xlsx.new # owner: nws # group: users user::rwx user:root:rwx group::--- group:wheel:rwx group:users:--- group:307:rwx group:359:rwx group:364:rwx mask::rwx other::--- As you can see, other then the owner, everything else is the same. Any help would be much appreciated, or if you require more info, please let me know where to look. Tanveer On Tue, Jun 11, 2013 at 2:23 PM, Marc Muehlfeld sa...@marc-muehlfeld.dewrote: Hello Tanveer, Am 11.06.2013 21:41, schrieb Tanveer Virani: I have a OpenSuse 12.2 system running Samba 4.0.6 (compiled from source). Every once in a while, we run into an issue where all permissions on a file are lost. I've checked the ACLs, and they seem fine. The only way to get permissions back is to copy the file to a new name, remove the old file, and rename the file back to the original name. Can anyone help solve this issue? - What exactly do you mean by all permissions on a file are lost? - Can you show the 'getfacl' output on such a file, before and after? - If permissions getting lost, did someone edit the file? - Does it happen only on a special kind of files? - etc. Please give some more information on the issue. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
