LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
LinkBack Search this Thread
Old 01-23-2013, 03:00 PM   #1
Nick_C
Member
 
Registered: Jan 2012
Location: London, England, UK
Distribution: CentOS, Mageia, Debian, Fedora, openSUSE, Ubuntu
Posts: 228

Rep: Reputation: Disabled
Samba 3.6 or Samba 4 ?


I am trying to setup a Samba Server and a Windows share with Full ACL support. From what I have read and from my own experimentation I need to use vfs_acl_xattr to do this.

At the moment I am not having too much success trying this on Samba 3.6 so I am wondering about trying Samba 4. Only thing is I keep reading that Samba 4 is experimental and should not be used on a production Server yet.

Has anyone got an opinion about whether I would be better off using Samba 4 or not.

Thanks,
Nick
 
Old 01-24-2013, 07:20 PM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 1,821

Rep: Reputation: Disabled
You should be able to get full ACL support with either version of Samba by simply adding the acl and user_xattr mount options to the underlying file system. The VFS module is not required.

As for stability, Sambe 4.0 is pretty good, but if you don't actually need AD DC functionality there's nothing wrong with sticking with 3.6 for now.
 
Old 01-25-2013, 04:26 AM   #3
Nick_C
Member
 
Registered: Jan 2012
Location: London, England, UK
Distribution: CentOS, Mageia, Debian, Fedora, openSUSE, Ubuntu
Posts: 228

Original Poster
Rep: Reputation: Disabled
Well need to connect to a Windows AD DC but wasn't thinking of using Samba as the DC.

Got acl & user_xattr in the fstab but what about smb.conf do I need anything more than:
nt acl support = yes
inherit acls = Yes
map acl inherit = Yes

Last edited by Nick_C; 01-25-2013 at 04:30 AM.
 
Old 01-25-2013, 06:20 AM   #4
Nick_C
Member
 
Registered: Jan 2012
Location: London, England, UK
Distribution: CentOS, Mageia, Debian, Fedora, openSUSE, Ubuntu
Posts: 228

Original Poster
Rep: Reputation: Disabled
Not sure that the above configuration is enough, using that I don't seem to get full ACL support.
Deleting all permissions from windows in preparation for adding our owm ACL entries doesn't work and a whole load of default entries appear back again:

System - Full - This folder, subfolders and files
Authenticated Users - Read & Execute - This folder, subfolders and files
Domain Admins - Full - This folder, subfolders and files
Everyone - None - This folder, subfolders and files
Administrator - Full - This folder only
Domain Users - None - This folder only
Creator Owner - Full - Subfolders and files only
Creator Group - None - Subfolders and files only
Domain Users - Full - Subfolders and files only
Any idea where these are comming from?

Last edited by Nick_C; 01-25-2013 at 06:22 AM.
 
Old 01-27-2013, 02:37 PM   #5
Nick_C
Member
 
Registered: Jan 2012
Location: London, England, UK
Distribution: CentOS, Mageia, Debian, Fedora, openSUSE, Ubuntu
Posts: 228

Original Poster
Rep: Reputation: Disabled
Samba with ACL still has fixed ACL entries

Currently got samba setup as follows:

/etc/fstab:
acl,user_xattr
/etc/samba/smb.conf:
[WinShare]
comment = Windows Share
path = /mnt/WinShare
read only = no
admin users = "MYDOMAIN\Nick"
nt acl support = yes
inherit acls = yes
map acl inherit = yes
map archive = no
map hidden = no
map read only = no
map system = no
store dos attributes = yes
Problem is there are a bunch of fixed default ACL entries which cannot be removed:
System - Full - This folder, subfolders and files
Authenticated Users - Read & Execute - This folder, subfolders and files
Domain Admins - Full - This folder, subfolders and files
Everyone - None - This folder, subfolders and files
Administrator - Full - This folder only
Domain Users - None - This folder only
Creator Owner - Full - Subfolders and files only
Creator Group - None - Subfolders and files only
Domain Users - Full - Subfolders and files only
Anyone know how I can get rid of these?

Thanks,
Nick

Last edited by Nick_C; 01-27-2013 at 02:38 PM.
 
Old 01-27-2013, 05:08 PM   #6
scheidel21
Senior Member
 
Registered: Feb 2003
Location: CT
Distribution: Debian PPC/i386/AMD64 6/7, Vista, XP , WIN7, Server 03/08
Posts: 1,278

Rep: Reputation: 91
Those defaults exist in Windows domains by default, I highly doubt you can or should get rid of them.
 
Old 01-29-2013, 04:24 AM   #7
Nick_C
Member
 
Registered: Jan 2012
Location: London, England, UK
Distribution: CentOS, Mageia, Debian, Fedora, openSUSE, Ubuntu
Posts: 228

Original Poster
Rep: Reputation: Disabled
Well if Samba is to provide a completely seamless share to windows users such that they do not even know they are using Linux/Samba then these should be able to be deleted as they can be in windows.

From what I have read there should be some way of getting Samba to completely emulate a windows share, I just haven't found the correct settings yet.
 
Old 01-29-2013, 06:00 AM   #8
scheidel21
Senior Member
 
Registered: Feb 2003
Location: CT
Distribution: Debian PPC/i386/AMD64 6/7, Vista, XP , WIN7, Server 03/08
Posts: 1,278

Rep: Reputation: 91
You might be able to delete these in Windows (though I may be wrong on that) but there would be no reason you would ever delete these on windows. Why do you want to delete them off of Samba? It could cause issues working with Widows machines, especially in a domain environment.
 
Old 01-29-2013, 06:13 AM   #9
Nick_C
Member
 
Registered: Jan 2012
Location: London, England, UK
Distribution: CentOS, Mageia, Debian, Fedora, openSUSE, Ubuntu
Posts: 228

Original Poster
Rep: Reputation: Disabled
Well we want to be able to set our own permissions which I then hope to see inherited by everything on that share.

For example these are a waste of time:
Everyone - None - This folder, subfolders and files
Domain Users - None - This folder only
Creator Group - None - Subfolders and files only
And we might not want everyone on the domain to have:
Authenticated Users - Read & Execute - This folder, subfolders and files
Domain Users - Full - Subfolders and files only
 
Old 01-29-2013, 07:44 AM   #10
scheidel21
Senior Member
 
Registered: Feb 2003
Location: CT
Distribution: Debian PPC/i386/AMD64 6/7, Vista, XP , WIN7, Server 03/08
Posts: 1,278

Rep: Reputation: 91
OK I see what you want now, I was mistaken in my understanding of what you were seeking. You should be able to do what you are trying to do. For testing could you try disabling inherit acls on the share and then delete and see if they reappear.
 
Old 01-29-2013, 10:31 AM   #11
Nick_C
Member
 
Registered: Jan 2012
Location: London, England, UK
Distribution: CentOS, Mageia, Debian, Fedora, openSUSE, Ubuntu
Posts: 228

Original Poster
Rep: Reputation: Disabled
Slightly different results but still get the following ACEs added back again:

Everyone - None - This folder, subfolders and files
root - Full - This folder only
Enterprise Admins - None - This folder only
Creator Owner - Full - Subfolders and files only
Creator Group - None - Subfolders and files only
 
Old 02-05-2013, 06:37 PM   #12
scheidel21
Senior Member
 
Registered: Feb 2003
Location: CT
Distribution: Debian PPC/i386/AMD64 6/7, Vista, XP , WIN7, Server 03/08
Posts: 1,278

Rep: Reputation: 91
This is an odd one, I'm out of suggestions at the moment, sorry.
 
Old 02-06-2013, 06:16 AM   #13
Nick_C
Member
 
Registered: Jan 2012
Location: London, England, UK
Distribution: CentOS, Mageia, Debian, Fedora, openSUSE, Ubuntu
Posts: 228

Original Poster
Rep: Reputation: Disabled
What I was hopeing for was to find someome else who is using Samba with these ACL options to find out if they get the same behaviour. However from lack of other replies I guess no one else is actually using this. Thanks for your help.
 
Old 02-06-2013, 07:02 AM   #14
scheidel21
Senior Member
 
Registered: Feb 2003
Location: CT
Distribution: Debian PPC/i386/AMD64 6/7, Vista, XP , WIN7, Server 03/08
Posts: 1,278

Rep: Reputation: 91
A thought, perhaps user and group mapping from the Linux file system to samba mappings of Windows users and groups is causing these to reappear.
 
Old 02-10-2013, 10:06 AM   #15
Nick_C
Member
 
Registered: Jan 2012
Location: London, England, UK
Distribution: CentOS, Mageia, Debian, Fedora, openSUSE, Ubuntu
Posts: 228

Original Poster
Rep: Reputation: Disabled
Yep that sounds like a distinct possibility. Is there a way to turn off all user & group mapping from smb.conf? I have had a look through the docs and nothing obvious on how to do that.

Thanks,
Nick
 
  


Reply

Tags
acl, samba


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Samba/Cups print sharing problems (/var/spool/samba files) Gates1026 Linux - General 9 06-23-2013 01:33 AM
[SOLVED] SAMBA problem ?? rebuilding server ?? How to configure SAMBA share with writing - Win Alvin88 Linux - Newbie 5 04-04-2012 12:51 AM
SAMBA - unix user created, added to samba, and valid users on share, still cannot... mitchell7man Linux - Server 12 03-17-2010 08:37 PM
Is there any way to log user samba who delete or move files/folders on samba server ? b-RAM Linux - Server 1 02-09-2010 12:33 AM
when i restart SAMBA,it says:stop samba failed,start SAMBA OK! whepin Linux - Networking 3 12-26-2001 05:54 AM


All times are GMT -5. The time now is 03:45 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration