Re: [Samba] can not read file permissions via samba over gpfs
Hi again, Just an update, my production servers switched to work with this settings for several days now, and all seems OK. I didn't found any reason why not using this this setting (vfs objects = fileid) while working with gpfs and posix acl's so I'll keep it that way. If I notice problems, I'll updateI hope not. Thanks, David On Wed, Jul 15, 2009 at 2:57 PM, David david.p...@gmail.com wrote: So if you don't see any problems with this solution, I'll give it a try on the first chance that I have and update. Thanks for help and prompt replies! David On Wed, Jul 15, 2009 at 2:47 PM, Volker Lendecke volker.lende...@sernet.de wrote: On Wed, Jul 15, 2009 at 02:37:09PM +0300, David wrote: Thanks for all your help and I'm sorry if I'm being a nag, but I have to check all my options before moving on using nfsv4 authorization. I quickly setup a test server with the same configuration like on my prod environment, and I found that if remove gpfs module from the vfs object option line, I can see the permissions and get the proper permissions from the acls entries. (just like in example I sent at the begging) If this resolves my problem, is there a reason why not using this solution? It also don't come up with what you wrote before which totally make sense to me... I never used GPFS with posix ACLs, and I *thought* from the mere existence of the special ACL API in gpfs.h that these calls are required. If it works fine now, perfect. Sorry for the noise, just ignore me. Volker -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpdwe4ACgkQbsgDfmnSbrb4jwCggx7+RqxCcQjBk9ZWpjLBHdlD +wgAnj8Xg6yZdBvXAo4tbWs6bcHZK6Ol =wKTS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] can not read file permissions via samba over gpfs
Hi, I am using samba samba3-3.3.4-39, with ctdb ctdb-1.0-69.x86_64, gpfs gpfs-3.2.1 on centos 5.3 x86_64. My problem is that from samba share I can't read file permissions and file ownership, although I'm in domain admins group, which has full permissions(rwx) via inherited acl (not user or group ownership). If I'm in a group that owns the file, I can read the permissions, all permissions for other users are none. Example: #owner:kavin #group:prod user::rwxc group:: other:: mask::rwxc group:media:rwx- group:editors:r-x- group:prod:rwx- group:domain admins:rwx- In this example, I can't see the file owner or permissions, if I add myself to prod group, I could. My question is, why can't I see those file permissions although I'm in domain admins group that has full permissions? With nfs client everything works file. I'm using nfsv3 only. I'm attaching samba configuration files. Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can not read file permissions via samba over gpfs
I'm adding the samba configuration file content, I think the attached file wasn't not sent :-(, sorry... [global] netbios name = atlas disable netbios = yes server string = ATLAS Storage Device(Linux-GPFS) realm = DOMAIN.COM workgroup = DOMAIN security = ADS password server = domainad encrypt passwords = yes hosts allow = 192.168.44.0/255.255.252.0 127. hosts deny = 0.0.0.0/0.0.0.0 guest account = nobody log file = /var/log/samba/samba.log unix charset = UTF8 username map = /etc/samba/user.map deadtime = 15 client schannel = no wins server = domainad printcap name = /dev/null load printers = no dns proxy = no obey pam restrictions = yes pam password change = yes winbind separator = / winbind use default domain = yes idmap backend = tdb2 idmap uid = 1-9 idmap gid = 1-9 idmap config DOMAIN : backend = ad idmap config DOMAIN : range = 1- clustering = yes #private dir = /gpfs/clusterprivdir/smb fileid:mapping = fsname vfs objects = gpfs fileid gpfs:sharemodes = No winbind enum users = yes winbind enum groups = yes winbind nested groups = yes winbind nss info = sfu template shell = /bin/false valid users = @DOMAIN/Domain Users admin users = DOMAIN/administrator #== [public] path = /gpfs/filesets/public comment = Public browseable = yes writable = yes dos filemode = yes force create mode = 0775 create mask = 0775 security mask = 0775 directory security mask = 0775 force directory mode = 0775 admin users = DOAMIN/administrator administrator Administrator map acl inherit = yes David On Wed, Jul 15, 2009 at 10:00 AM, David david.p...@gmail.com wrote: Hi, I am using samba samba3-3.3.4-39, with ctdb ctdb-1.0-69.x86_64, gpfs gpfs-3.2.1 on centos 5.3 x86_64. My problem is that from samba share I can't read file permissions and file ownership, although I'm in domain admins group, which has full permissions(rwx) via inherited acl (not user or group ownership). If I'm in a group that owns the file, I can read the permissions, all permissions for other users are none. Example: #owner:kavin #group:prod user::rwxc group:: other:: mask::rwxc group:media:rwx- group:editors:r-x- group:prod:rwx- group:domain admins:rwx- In this example, I can't see the file owner or permissions, if I add myself to prod group, I could. My question is, why can't I see those file permissions although I'm in domain admins group that has full permissions? With nfs client everything works file. I'm using nfsv3 only. I'm attaching samba configuration files. Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can not read file permissions via samba over gpfs
On Wed, Jul 15, 2009 at 11:48:27AM +0300, David wrote: I'm adding the samba configuration file content, I think the attached file wasn't not sent :-(, sorry... The GPFS module was mainly tested with NFSv4 ACLs. Not sure it works with posix acls at all... Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can not read file permissions via samba over gpfs
Thanks, so the gpfs module in the vfs object option can safely removed? I suspected that, cause on other samba servers I don't such behavior and I couldn't find any docs about that. David On Wed, Jul 15, 2009 at 11:53 AM, Volker Lendecke volker.lende...@sernet.de wrote: On Wed, Jul 15, 2009 at 11:48:27AM +0300, David wrote: I'm adding the samba configuration file content, I think the attached file wasn't not sent :-(, sorry... The GPFS module was mainly tested with NFSv4 ACLs. Not sure it works with posix acls at all... Volker -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpdmPQACgkQbsgDfmnSbrbTrgCeKI10t2qv/Qa1GXgUZRmRYuO7 nGsAn1iis9zrIWRWrJVxZbPm7KO8u7NK =nZqF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can not read file permissions via samba over gpfs
On Wed, Jul 15, 2009 at 11:57:45AM +0300, David wrote: Thanks, so the gpfs module in the vfs object option can safely removed? I suspected that, cause on other samba servers I don't such behavior and I couldn't find any docs about that. Well, you won't see acls then either, because gpfs requires special API calls for them. You will see the posix permissions mapped correctly (probably...) Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can not read file permissions via samba over gpfs
So how can I resolve this issue? How come I can't see this behavior on non gpfs shares? The only thing I can think off is to: changes gpfs filesystem authorization to nfsv4 or all(posix and nfsv4), and change samba configuration according. I don't have any nfsv4 clients, only Linux, MacOsx and windows XP which are nfsv3 and smb. David On Wed, Jul 15, 2009 at 1:23 PM, Volker Lendecke volker.lende...@sernet.dewrote: On Wed, Jul 15, 2009 at 11:57:45AM +0300, David wrote: Thanks, so the gpfs module in the vfs object option can safely removed? I suspected that, cause on other samba servers I don't such behavior and I couldn't find any docs about that. Well, you won't see acls then either, because gpfs requires special API calls for them. You will see the posix permissions mapped correctly (probably...) Volker -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpdrjoACgkQbsgDfmnSbrYkOACdH8BEeNKJRuOJopyNIP+Mt/Wa U0QAn0llxhWWZ74KjhuXbYg1wKL/3lve =geWF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can not read file permissions via samba over gpfs
On Wed, Jul 15, 2009 at 02:01:43PM +0300, David wrote: So how can I resolve this issue? Add code to the gpfs module to also deal properly with posix acls :-) How come I can't see this behavior on non gpfs shares? Because other file systems don't need the special API calls to get/set acls. The only thing I can think off is to: changes gpfs filesystem authorization to nfsv4 or all(posix and nfsv4), and change samba configuration according. I don't have any nfsv4 clients, only Linux, MacOsx and windows XP which are nfsv3 and smb. Yes, NFSv4 acls would be one way to go. This is completely independent of whether you actually use NFSv4 as a protocol, those ACLs are a file system thing and not primarily a protocol thing. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can not read file permissions via samba over gpfs
Hi Volker, Thanks for all your help and I'm sorry if I'm being a nag, but I have to check all my options before moving on using nfsv4 authorization. I quickly setup a test server with the same configuration like on my prod environment, and I found that if remove gpfs module from the vfs object option line, I can see the permissions and get the proper permissions from the acls entries. (just like in example I sent at the begging) If this resolves my problem, is there a reason why not using this solution? It also don't come up with what you wrote before which totally make sense to me... David On Wed, Jul 15, 2009 at 2:10 PM, Volker Lendecke volker.lende...@sernet.dewrote: On Wed, Jul 15, 2009 at 02:01:43PM +0300, David wrote: So how can I resolve this issue? Add code to the gpfs module to also deal properly with posix acls :-) How come I can't see this behavior on non gpfs shares? Because other file systems don't need the special API calls to get/set acls. The only thing I can think off is to: changes gpfs filesystem authorization to nfsv4 or all(posix and nfsv4), and change samba configuration according. I don't have any nfsv4 clients, only Linux, MacOsx and windows XP which are nfsv3 and smb. Yes, NFSv4 acls would be one way to go. This is completely independent of whether you actually use NFSv4 as a protocol, those ACLs are a file system thing and not primarily a protocol thing. Volker -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpduTEACgkQbsgDfmnSbrYhSwCcCnbkwrIoLF6hqbKk6942AkfP L5YAoIqKDhUC/MZBi4+84C2pos09ILly =Usdh -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can not read file permissions via samba over gpfs
On Wed, Jul 15, 2009 at 02:37:09PM +0300, David wrote: Thanks for all your help and I'm sorry if I'm being a nag, but I have to check all my options before moving on using nfsv4 authorization. I quickly setup a test server with the same configuration like on my prod environment, and I found that if remove gpfs module from the vfs object option line, I can see the permissions and get the proper permissions from the acls entries. (just like in example I sent at the begging) If this resolves my problem, is there a reason why not using this solution? It also don't come up with what you wrote before which totally make sense to me... I never used GPFS with posix ACLs, and I *thought* from the mere existence of the special ACL API in gpfs.h that these calls are required. If it works fine now, perfect. Sorry for the noise, just ignore me. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can not read file permissions via samba over gpfs
So if you don't see any problems with this solution, I'll give it a try on the first chance that I have and update. Thanks for help and prompt replies! David On Wed, Jul 15, 2009 at 2:47 PM, Volker Lendecke volker.lende...@sernet.dewrote: On Wed, Jul 15, 2009 at 02:37:09PM +0300, David wrote: Thanks for all your help and I'm sorry if I'm being a nag, but I have to check all my options before moving on using nfsv4 authorization. I quickly setup a test server with the same configuration like on my prod environment, and I found that if remove gpfs module from the vfs object option line, I can see the permissions and get the proper permissions from the acls entries. (just like in example I sent at the begging) If this resolves my problem, is there a reason why not using this solution? It also don't come up with what you wrote before which totally make sense to me... I never used GPFS with posix ACLs, and I *thought* from the mere existence of the special ACL API in gpfs.h that these calls are required. If it works fine now, perfect. Sorry for the noise, just ignore me. Volker -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpdwe4ACgkQbsgDfmnSbrb4jwCggx7+RqxCcQjBk9ZWpjLBHdlD +wgAnj8Xg6yZdBvXAo4tbWs6bcHZK6Ol =wKTS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba