Author Topic: issue shares permissions (solved)  (Read 255 times)

killmasta93

  • Zen Apprentice
  • *
  • Posts: 29
  • Karma: +5/-0
    • View Profile
issue shares permissions (solved)
« on: January 27, 2020, 04:41:44 am »
Hi,

I was wondering if someone could shed some light on the issue im having.
I have a folder called shares

inside that folder im going to create another folder called Users

So far so good that folder shares and Users can be accessed and modify by the users of the domain.

But inside that folder Users im going to create user1folder and user2folder but i dont want all the users of the domain to have access of those folder

So normally i disable the inheritance and remove the users of the domain and only give test1 to access to user1folder and test2 to user2folder

which means that test2 cannot see user1folder and test1 cannot see user2folder

so this is what i need so not sure if i have to do on samba or on windows?

when i try on windows i get the error when enumerating objects in the container access was denied


This is the smb share conf

Code: [Select]
[shares]
    path = /data
    browseable = yes
    force create mode = 0660
    force directory mode = 0660
    valid users = @"Domain Users"
    read list =
    write list = @"Domain Users"
    admin users =
    vfs objects = acl_xattr full_audit recycle shadow_copy2
#    full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = mkdir rename unlink rmdir pwrite pread connect disconnect
full_audit:facility = local5
full_audit:priority = notice
shadow: snapdir = .zfs/snapshot
shadow: sort = desc
shadow: format = _%Y-%m-%d_%H:%M:%S
shadow: snapprefix = ^pyznap
shadow: delimiter = _
shadow:localtime = no
    recycle: excludedir = /tmp|/var/tmp
    recycle: directory_mode = 0700
    recycle: inherit_nt_acl = Yes
    recycle: keeptree = Yes
    recycle: versions = Yes
    recycle: repository = RecycleBin

https://ibb.co/TtC6BsJ

Thank you

« Last Edit: January 28, 2020, 03:46:48 am by killmasta93 »

doncamilo

  • Zen Samurai
  • ****
  • Posts: 350
  • Karma: +83/-1
    • View Profile
Re: issue shares permissions
« Reply #1 on: January 28, 2020, 12:14:29 am »
 :)

I knew it! I had read here in the forum something similar to that you exposed: https://forum.zentyal.org/index.php/topic,31651.msg112742.html#msg112742

I dislike this kind of structures (I fear to provoke some Obsessive Compulsive Dissorder to my systems -Do you remember the poor old HAL9000? -) but I'll do a trial on a VM (and under technical supervision) and will give you feedback.

Cheers!

"That place... is strong with the
dark side of the Force.  A domain
of evil it is.  In you must go."

Yoda.

killmasta93

  • Zen Apprentice
  • *
  • Posts: 29
  • Karma: +5/-0
    • View Profile
Re: issue shares permissions
« Reply #2 on: January 28, 2020, 03:46:37 am »
Thanks for the reply, solved it i ad run on ZFS pool the following it was not a samba issue

Code: [Select]
zfs set acltype=posixacl data
zfs set aclinherit=passthrough data
zfs set xattr=sa data

Hope this helps someone else

doncamilo

  • Zen Samurai
  • ****
  • Posts: 350
  • Karma: +83/-1
    • View Profile
Re: issue shares permissions (solved)
« Reply #3 on: January 28, 2020, 11:53:18 am »
 :)

Honestly, I was so focused on the nested shares designing aspects that I didn't realize on the little detail that you use ZFS. (My favorite commandments are "keep it simple" and "keep it flat")  ::)

Could you tell me about your experience with zfs? Why did you decide to use it? What are its advantages?

I'm reading the web of the zfsonlinux https://github.com/zfsonlinux/zfs/wiki/FAQ#what-is-zfs-on-linux group. It seems to me it has a steep learning curve (as the K2 mountain, roughly speaking)  ;D

Would you recommend me to stole some sysadmindfullness hours to learn zfs?

Cheers!
"That place... is strong with the
dark side of the Force.  A domain
of evil it is.  In you must go."

Yoda.

killmasta93

  • Zen Apprentice
  • *
  • Posts: 29
  • Karma: +5/-0
    • View Profile
Re: issue shares permissions (solved)
« Reply #4 on: January 29, 2020, 05:42:15 am »
Hey there, sure i love ZFS i currently use Proxmox with it, the idea of  why i needed ZFS was the shadow copy, which its a real quick easy hassale to recover on windows server which  i needed that option on zentyal i was going crazy until i found ZFS snapshots then redirect into samba shares so i can recover it directly on windows the only issue is the time is off, on windows it shows like 5 hours later.
I would totally recommend ZFS trust me it saved me big time, i used for snapshots pyznaps and PVE-ZSYNC on proxmox and syncoid for vm which are too big to send though network
if you need help let me know

Hope this helps

doncamilo

  • Zen Samurai
  • ****
  • Posts: 350
  • Karma: +83/-1
    • View Profile
Re: issue shares permissions (solved)
« Reply #5 on: January 29, 2020, 05:55:30 pm »
 :)

These last years I feel (in Bilbo's words) "like butter scraped over too much bread". I'm too old to learn new tricks without feeling a little overwhelmed.

Could you expose some use cases, workflows, etc?

It sounds like something able to get Samba closer to the high availability standards, isn't it?

Cheers!
"That place... is strong with the
dark side of the Force.  A domain
of evil it is.  In you must go."

Yoda.

killmasta93

  • Zen Apprentice
  • *
  • Posts: 29
  • Karma: +5/-0
    • View Profile
Re: issue shares permissions (solved)
« Reply #6 on: January 31, 2020, 04:53:22 am »
well no worries one can always learn something new every day, when you say expose some use cases? do you mean how would i put ZFS? Well using ZFS with zentyal as for the snapshots another way to create backups even though i use restic for copies and dumps with pve-zsync with i also say "cant haven't enough copies" as for the the High availability something similar  but really i just use to quickly to recover a damaged file im glad to help you need any assistance

doncamilo

  • Zen Samurai
  • ****
  • Posts: 350
  • Karma: +83/-1
    • View Profile
Re: issue shares permissions (solved)
« Reply #7 on: January 31, 2020, 04:46:45 pm »
:)

I'm configuring a lab to learn a little about zfs and his possibilities. I'll will thank you very much if you give me some feedback here ( I'll ask you for help in these specific steps where I'll fall down after reading the documentation) XD

Cheers!
"That place... is strong with the
dark side of the Force.  A domain
of evil it is.  In you must go."

Yoda.

killmasta93

  • Zen Apprentice
  • *
  • Posts: 29
  • Karma: +5/-0
    • View Profile
Re: issue shares permissions (solved)
« Reply #8 on: February 01, 2020, 06:08:02 pm »
sure things let me get you started

install the packages

Code: [Select]
apt-get install zfsutils-linux
then after that create the pool were going to call it data or what you want

Code: [Select]
zpool create -f data /dev/vdd
then give it the permissions to edit
sudo chmod 0777 /data

then give permissions so we can disable inheritance

Code: [Select]
zfs set acltype=posixacl data
zfs set aclinherit=passthrough data
zfs set xattr=sa data

let me know anything else

doncamilo

  • Zen Samurai
  • ****
  • Posts: 350
  • Karma: +83/-1
    • View Profile
Re: issue shares permissions (solved)
« Reply #9 on: February 03, 2020, 03:51:17 pm »
 :)

I have to wait for some moment of 'sysadmindfullness'  to do my first attempt with zfs.  I hope to have some time during this week, in the meanwhile I'm reading the documentation. I'll give you some newbie/wannabe questions in exchange of some valuable feedback from you.  ::)

 ;D

Thank you very much! Cheers!
"That place... is strong with the
dark side of the Force.  A domain
of evil it is.  In you must go."

Yoda.

killmasta93

  • Zen Apprentice
  • *
  • Posts: 29
  • Karma: +5/-0
    • View Profile
Re: issue shares permissions (solved)
« Reply #10 on: February 04, 2020, 10:13:00 pm »
sure thing no worries