Samba config to allow Windows read-only file attribute changes
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Samba config to allow Windows read-only file attribute changes
I am struggling with a client's accounting software (Daceasy version 10.5) where I have recently replaced a Win2k server with a Linux (e-Smith SME ver 5.5) server. The Samba version is 2.2.5. The accounting software appears to be trying to set the read-only attribute in dos/windows to "lock" the file against changes while doing some operations such as backups. With Linux I cannot duplicate this behavior. Either Daceasy fails with an error changing file attributes, or after applying the smb.conf parameters below, it gives the appearance of succeeding but it does not really change the file to read-only. Just no errors are reported.
I am concerned about multiple users corrupting files because the dos/windows readonly attribute is not being set properly. Under the windows server, when two users tried to access the same account at the same time to do say, posting, an error would be reported. Not so under Linux - two users can access a Daceasy account at the same time - potentially wiping out each other's transactions or corrupting the file. Of course, the only answer from Daceasy is that they do not support Linux servers.
Has anyone solved this type problem? If so, what parameters should I be using so that multiple users (all in the same group) can set and remove the read-only flag? I am a Linux newbie so the more details/explanation the better.
Note that using the map archive, hidden, and system parameters below coupled with the dos filemode parameter, I am able to set those file attributes just fine. It is the read-only that is zapping me.
Many thanks for any help,
jim
############## start of samba test directory settings
[smbtest]
comment = folder for samba test
path = /home/e-smith/files/ibays/smbtest
read only = no
writable = yes
printable = no
dos filemode = yes
map archive = yes
map hidden = yes
map system = yes
inherit permissions = yes
create mode = 0660
force create mode = 0660
directory mode = 02775
force group = +employee
################# end of samba settings
There are two types of locking which need to be performed by a SMB server. The first is "record locking" which allows a client to lock a range of bytes in a open file. The second is the "deny modes" that are specified when a file is open.
Record locking semantics under Unix is very different from record locking under Windows. Versions of Samba before 2.2 have tried to use the native fcntl() unix system call to implement proper record locking between different Samba clients. This can not be fully correct due to several reasons. The simplest is the fact that a Windows client is allowed to lock a byte range up to 2^32 or 2^64, depending on the client OS. The unix locking only supports byte ranges up to 2^31. So it is not possible to correctly satisfy a lock request above 2^31. There are many more differences, too many to be listed here.
Samba 2.2 and above implements record locking completely independent of the underlying unix system. If a byte range lock that the client requests happens to fall into the range 0-2^31, Samba hands this request down to the Unix system. All other locks can not be seen by unix anyway.
Strictly a SMB server should check for locks before every read and write call on a file. Unfortunately with the way fcntl() works this can be slow and may overstress the rpc.lockd. It is also almost always unnecessary as clients are supposed to independently make locking calls before reads and writes anyway if locking is important to them. By default Samba only makes locking calls when explicitly asked to by a client, but if you set
"strict locking = yes"
then it will make lock checking calls on every read and write.
You can also disable by range locking completely using "locking = no". This is useful for those shares that don't support locking or don't need it (such as cdroms). In this case Samba fakes the return codes of locking calls to tell clients that everything is OK.
The second class of locking is the "deny modes". These are set by an application when it opens a file to determine what types of access should be allowed simultaneously with its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE or DENY_ALL. There are also special compatibility modes called DENY_FCB and DENY_DOS.
openserver 5.0.2c, samba 2.0.2c and users Unix and w2k
when several users on unix locks the record, its works correctly, and happen the same when are only users on windows, but when one user on unix locks a record and the user of windows locks the same record, do not happen anything on the system.
I have tryed wich all the configuration on samba and I have read a lot of faqs wich said that unix and windows do not locks at the same way.
ok, but i do not believe samba do not works with programs without locks at record level.
the locking options on samba are:
blocking locks=yes
locking=yes
oplock=yes
posix locking=yes
strict locking=no
veto oplock files=/*.ism/*.is1/ ## files who use the aplication
One issue that may apply to your situation is that smb file locking only affects the smb service. In other words someone accessing the file by another means besides the smb protocol will not be affected by smb's file locking.
Maybe you can use byte level locking if this is the case.
I'm not familiar with the accounting software so I am not sure whether this will work or not.
With samba, you can only set the read only right if you are the owner of the file. Being a member of a group that has write access to the file does not count. You should try the following.
First and foremost, back up your data to another directory.
Add a user to your system (we'll call it daceasy.) The user does not have to have a shell or home directory, but it needs a private group called daceasy.
Create a folder for the user with the 2770 permissions and is owned by the user. This is where samba will share the files out. (We'll say /vol/daceasy)
Configure the share as follows:
Code:
[Test-Area]
comment = Daceasy version 10.5 Data Files
path = /vol/daceasy
valid users = @<group of users you want to use the software>
create mask = 0660
security mask = 0660
directory mask = 2770
directory security mask = 2770
read only = no
force user = daceasy
force group = daceasy
With this method, only trusted users will be able to access the share and modify its contents. "The force user = daveasy" allows you to make modifications to the attribute as any allowed user since the identity switched to the daceas user when connected. This may or may not be the solution for you. I have not tested it out yet, but give it a try and tell us what happens.
Sidmark-280:
I have tryed your solution but it does not works well.
Davidphillips:
everybody speaks about byte level locking but nobody writes anything about.
How can I use it?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.