Zentyal Forum, Linux Small Business Server
Zentyal Server => Directory and Authentication => Topic started by: killmasta93 on January 27, 2020, 04:41:44 am
-
Hi,
I was wondering if someone could shed some light on the issue im having.
I have a folder called shares
inside that folder im going to create another folder called Users
So far so good that folder shares and Users can be accessed and modify by the users of the domain.
But inside that folder Users im going to create user1folder and user2folder but i dont want all the users of the domain to have access of those folder
So normally i disable the inheritance and remove the users of the domain and only give test1 to access to user1folder and test2 to user2folder
which means that test2 cannot see user1folder and test1 cannot see user2folder
so this is what i need so not sure if i have to do on samba or on windows?
when i try on windows i get the error when enumerating objects in the container access was denied
This is the smb share conf
[shares]
path = /data
browseable = yes
force create mode = 0660
force directory mode = 0660
valid users = @"Domain Users"
read list =
write list = @"Domain Users"
admin users =
vfs objects = acl_xattr full_audit recycle shadow_copy2
# full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = mkdir rename unlink rmdir pwrite pread connect disconnect
full_audit:facility = local5
full_audit:priority = notice
shadow: snapdir = .zfs/snapshot
shadow: sort = desc
shadow: format = _%Y-%m-%d_%H:%M:%S
shadow: snapprefix = ^pyznap
shadow: delimiter = _
shadow:localtime = no
recycle: excludedir = /tmp|/var/tmp
recycle: directory_mode = 0700
recycle: inherit_nt_acl = Yes
recycle: keeptree = Yes
recycle: versions = Yes
recycle: repository = RecycleBin
https://ibb.co/TtC6BsJ
Thank you
-
:)
I knew it! I had read here in the forum something similar to that you exposed: https://forum.zentyal.org/index.php/topic,31651.msg112742.html#msg112742 (https://forum.zentyal.org/index.php/topic,31651.msg112742.html#msg112742)
I dislike this kind of structures (I fear to provoke some Obsessive Compulsive Dissorder to my systems -Do you remember the poor old HAL9000? -) but I'll do a trial on a VM (and under technical supervision) and will give you feedback.
Cheers!
-
Thanks for the reply, solved it i ad run on ZFS pool the following it was not a samba issue
zfs set acltype=posixacl data
zfs set aclinherit=passthrough data
zfs set xattr=sa data
Hope this helps someone else
-
:)
Honestly, I was so focused on the nested shares designing aspects that I didn't realize on the little detail that you use ZFS. (My favorite commandments are "keep it simple" and "keep it flat") ::)
Could you tell me about your experience with zfs? Why did you decide to use it? What are its advantages?
I'm reading the web of the zfsonlinux https://github.com/zfsonlinux/zfs/wiki/FAQ#what-is-zfs-on-linux (https://github.com/zfsonlinux/zfs/wiki/FAQ#what-is-zfs-on-linux) group. It seems to me it has a steep learning curve (as the K2 mountain, roughly speaking) ;D
Would you recommend me to stole some sysadmindfullness hours to learn zfs?
Cheers!
-
Hey there, sure i love ZFS i currently use Proxmox with it, the idea of why i needed ZFS was the shadow copy, which its a real quick easy hassale to recover on windows server which i needed that option on zentyal i was going crazy until i found ZFS snapshots then redirect into samba shares so i can recover it directly on windows the only issue is the time is off, on windows it shows like 5 hours later.
I would totally recommend ZFS trust me it saved me big time, i used for snapshots pyznaps and PVE-ZSYNC on proxmox and syncoid for vm which are too big to send though network
if you need help let me know
Hope this helps
-
:)
These last years I feel (in Bilbo's words) "like butter scraped over too much bread". I'm too old to learn new tricks without feeling a little overwhelmed.
Could you expose some use cases, workflows, etc?
It sounds like something able to get Samba closer to the high availability standards, isn't it?
Cheers!
-
well no worries one can always learn something new every day, when you say expose some use cases? do you mean how would i put ZFS? Well using ZFS with zentyal as for the snapshots another way to create backups even though i use restic for copies and dumps with pve-zsync with i also say "cant haven't enough copies" as for the the High availability something similar but really i just use to quickly to recover a damaged file im glad to help you need any assistance
-
:)
I'm configuring a lab to learn a little about zfs and his possibilities. I'll will thank you very much if you give me some feedback here ( I'll ask you for help in these specific steps where I'll fall down after reading the documentation) XD
Cheers!
-
sure things let me get you started
install the packages
apt-get install zfsutils-linux
then after that create the pool were going to call it data or what you want
zpool create -f data /dev/vdd
then give it the permissions to edit
sudo chmod 0777 /data
then give permissions so we can disable inheritance
zfs set acltype=posixacl data
zfs set aclinherit=passthrough data
zfs set xattr=sa data
let me know anything else
-
:)
I have to wait for some moment of 'sysadmindfullness' to do my first attempt with zfs. I hope to have some time during this week, in the meanwhile I'm reading the documentation. I'll give you some newbie/wannabe questions in exchange of some valuable feedback from you. ::)
;D
Thank you very much! Cheers!
-
sure thing no worries