Web lists-archives.com

[Samba] Weird permissions issues with samba shares and XFS




Hi,

We are trying to deploy samba sharing on Centos 7.4, linked to windows 2016
AD for authentication.

We are having an issue related to permissions where different directories
with seemingly the exact same permissions cannot all be accessed from
smbclient. I was hoping somebody could help me figuring this out.

We have the following structure:

1. one LVM2 volume on /dev/storage/test (XFS) mounted as /storage/test
2. inside /storage/test, we have 2 directories /storage/test/foo and
/storage/test/bar

I created three entries in our server's smb.conf:

[test]
        path = /storage/test
        comment = Sharing root of XFS
[test-foo]
        path = /storage/test/foo
        comment = Sharing foo
[test-bar]
        path = /storage/test/bar
        comment = Sharing bar

I can list all 3 shared with `smbclient -L //localhost`, as expected. Now
for the issues I cannot figure out:

1. doing `ls` in `smbclient //localhost/test`, I get
"NT_STATUS_ACCESS_DENIED listing \*"
2. doing `ls` in `smbclient //localhost/test-foo` works
3. doing `ls` in `smbclient //localhost/test-bar` gives me
"NT_STATUS_ACCESS_DENIED
listing \*" as well

But:

$ ls -l /storage/test/
drwxrwxr-x+ 2 root domain_admins 6 Jun 14 10:37 bar
drwxrwxr-x+ 2 root domain_admins 6 Jun 14 10:37 foo
$ getfactl /storage/test/bar
# file: storage/test/bar/
# owner: root
# group: domain_admins
user::rwx
user:supachots:rwx
group::r-x
group:domain_users:r-x
mask::rwx
other::r-x
$ getfacl /storage/test/foo/
# file: storage/test/foo
# owner: root
# group: domain_admins
user::rwx
user:supachots:rwx
group::r-x
group:domain_users:r-x
mask::rwx
other::r-x

If instead of doing `mkdir foo` + setting up ACL/permissions, I simply `cp
-a bar foo`, then foo is accessible. So it looks as if something besides
ACL/Unix permissions is at play, but I don't know what it is.

I am running stock samba from CENTOS 7.4, that is `smbd -V` gives me 4.7.1.

thank you,
David

-- 
*ダビド・クルナポ*
David Cournapeau, PhD
シニアリサーチエンジニア

*株式会社Cogent Labs*
〒150-0034 東京都渋谷区代官山町
20-23 TENOHA LAB
Tel: 03 6773 1836 <0367731836>

*Direct: 070 3123 1394 <07031231394>*
dcournapeau@xxxxxxxxxxxx

*www.cogent.co.jp <https://www.cogent.co.jp>*
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba