Zentyal Forum, Linux Small Business Server
Zentyal Server => Directory and Authentication => Topic started by: spott on March 03, 2020, 01:47:15 pm
-
Hi
Suddenly - after moving some big folders from one share to another (I made it over terminal) and reseting ownership of files as usual - chown -R username . - we have now big problems with that share. Users can't overwrite files or folders - windows giving disk is full error. They can add new files and folders to this share and delete existing ones - but they can't overwrite files/folders as it gives disk is full error (but we have more than 2TB free space). I gave inside this folder 777 permissions to all files and folders - nothing. I restarted several times server - still nothing.
What I discover. I am running Zentyal 5.0.14 - and under Shares - I don't see "Apply ACLs recursively" part any more in Zentyal admin. This is completely missing.
When I am checking folder permissions under /home/samba/shares, then I see fallowing situation:
drwxrwx---+ 11 SERVER-DOMAIN\administrator adm 4096 Feb 28 15:50 SHARE_1
drwxrwx---+ 4 root adm 4096 Mar 3 13:07 SHARE_WITH_PROBLEMS
drwxrwx---+ 30 SERVER-DOMAIN\administrator adm 4096 Mar 30 2018 SHARE_3
drwxrwx---+ 8 SERVER-DOMAIN\administrator adm 4096 Mar 3 14:09 SHARE_4
this share has other owner - not SERVER_DOMAIN - but root.
When I am making new share - then also - owner is root and group adm.
So my questions:
1) Why this Apply ACLs recursively - is missing now from admin
2) How I can fix permissions inside this share - usually samba restart rewrites all ACL permissions. But not now. Why?
Any other help and tips - what to look.
-
:)
Read this https://wiki.samba.org/index.php/Setting_up_a_Share_Using_POSIX_ACLs#Setting_ACLs (https://wiki.samba.org/index.php/Setting_up_a_Share_Using_POSIX_ACLs#Setting_ACLs) and https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs#Samba_Extended_ACL_Support (https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs#Samba_Extended_ACL_Support)
I think that you'll find the answers that you need.
Use the "chown" command to change the owner from root to 'SERVER-DOMAIN\administrator'
Cheers!
-
But any idea - why this Apply ACLs recursively is missing from admin now? Is this normal or some bug?
I will look these wikis and try it tomorrow - there are right now some network service works - so I can't access to the server.
-
I can't change the owner of that directory:
chown SERVER-DOMAIN/administrator share_name/
chown: invalid user: 'SERVER_DOMAIN/administrator'
Even when I try to change it from MC - the same. There I can see the list of users - but it doesn't change.
EDIT:
I look the ACL permissions also for this problematic share - is this normal:
getfacl SHARE_WITH_PROBLEMS
# file: SHARE_WITH_PROBLEMS
# owner: root
# group: adm
user::rwx
user:root:rwx
group::rwx
group:adm:rwx
group:SERVER_DOMAIN\134domain\040admins:rwx
group:SERVER_DOMAIN\134tootearendus_i:rwx
group:SERVER_DOMAIN\134tootearendus_i_piiratud:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:group::rwx
default:group:adm:rwx
default:group:SERVER_DOMAIN\134domain\040admins:rwx
default:group:SERVER_DOMAIN\134tootearendus_i:rwx
default:group:SERVER_DOMAIN\134tootearendus_i_piiratud:r-x
default:mask::rwx
default:other::---
More information. I looked also ACL information inside this share:
# file: Tootmine_/
# owner: SERVER_DOMAIN\134otherusername
# group: SERVER_DOMAIN\134domain\040users
# flags: ss-
user::rwx
user:root:rwx
user:SERVER_DOMAIN\134administrator:rwx
user:SERVER_DOMAIN\134username:rwx
group::rwx
group:adm:rwx
group:SERVER_DOMAIN\134domain\040admins:rwx
group:SERVER_DOMAIN\134tootearendus_i:rwx
group:SERVER_DOMAIN\134tootearendus_i_piiratud:r-x
group:SERVER_DOMAIN\134tootearendus\040mets:rwx
mask::rwx
other::rwx
default:user::rwx
default:user:root:rwx
default:user:SERVER_DOMAIN\134administrator:rwx
default:user:SERVER_DOMAIN\134username:rwx
default:group::rwx
default:group:adm:rwx
default:group:SERVER_DOMAIN\134domain\040admins:rwx
default:group:SERVER_DOMAIN\134tootearendus_i:rwx
default:group:SERVER_DOMAIN\134tootearendus_i_piiratud:r-x
default:group:SERVER_DOMAIN\134tootearendus\040mets:rwx
default:mask::rwx
default:other::---
But here is one output from other folder - inside other share.
# file: Kataloogid/
# owner: root
# group: 1901
user::rwx
user:SERVER_DOMAIN\134administrator:rwx
group::rwx
group:adm:rwx
group:SERVER_DOMAIN\134domain\040admins:rwx
group:SERVER_DOMAIN\134tootearendus_iii:rwx
group:SERVER_DOMAIN\134tootearendus_iii_piiratud:r-x
group:SERVER_DOMAIN\134juhtkond\040company:rwx
mask::rwx
other::r-x
default:user::rwx
default:user:SERVER_DOMAIN\134administrator:rwx
default:group::rwx
default:group:adm:rwx
default:group:SERVER_DOMAIN\134domain\040admins:rwx
default:group:SERVER_DOMAIN\134tootearendus_iii:rwx
default:group:SERVER_DOMAIN\134tootearendus_iii_piiratud:r-x
default:group:SERVER_DOMAIN\134juhtkond\040company:rwx
default:mask::rwx
default:other::---
Where we have problems - there are # flags: ss- - what it mean? Can it be the problem?
EDIT: More information.
There is some samba ACL reset problems - as default:group:SERVER_DOMAIN\134tootearendus\040mets:rwx - this is removed from this share access list. But why it still shows it? So the samba doesn't reset ACL-s.
-
I still have the same problem.
Any help or hints - what to look?
Now one user can't copy or add files to any shared folder any more. Other user - can.
-
EDIT:
I updated to the latest Zentyal 6.1 - lets see, does it help or not.
-
:)
https://forum.zentyal.org/index.php/topic,34922.msg113422.html#msg113422 (https://forum.zentyal.org/index.php/topic,34922.msg113422.html#msg113422)
Cheers!
-
Hi there spott
Any advance on this?
I can confirm there is an issue with acl permissions in Zentyal.
I am facing a very similar problem here.
Everytime I want to set an acl, I need to do it twice in order to make it effective.
For example:
There is a folder called "drivers" in my samba share and only "IT" group have RW access to it.
If I want to add RW access to "developers" group through Zentyal's webgui, I need to:
1 - set my new acl
2 - save new settings (orange button)
3 - remove my new acl
4 - save new settings
5 - set my new acl AGAIN
6 - save new settings
Now it works.
I tested this in Zentyal 7 and 6.2
Even when installing it out of the box.
I believe there is a bug or something...
-
Hi
I get rid of that after update
-
So are you running version 6.1 or 7.0?
-
I think now 6.2 or newer - but not 7.