[OpenIndiana-discuss] samba4

maurilio.longo at libero.it maurilio.longo at libero.it
Tue Mar 18 10:05:05 UTC 2025 

Ok, 
so, having an OmniOS VM around and having OmniOS several versions of samba available I was able to test versions 4.17 and 4.10.

4.10 works as expected (at least as far as permission handling is concerned) and I can overwrite a file without problems without using NFSV4 ACLs, but with the simple solarisacl vfs.

[global]
        log level = 2
        server role = standalone server
        workgroup = WORKGROUP
        netbios name = SAMBA4
        map to guest = Bad User
[test]
        path = /nas/testsmb/sys
        read only = no
        writeable = yes
        force user = frecover
        force group = frecover
        guest ok = no
        vfs objects = solarisacl
        vfs objects = streams_xattr
        create mask = 2777
        directory mask = 2777
        write list = @frecover

So, I can say that samba packages past version 4.10.18 are broken, from the log.smbd I can see that write is never allowed on an existing file even if owner/group/others have write permission.

So the question becomes, is there a samba maintainer for Illumos/OmniOS/Openindiana that I can contact to inform that something is not working as expected or at least to ask for the removal of the samba packages past 4.10.18 being that they're broken?

Best regards.

Maurilio.

> Il 17/03/2025 10:30 CET Maurilio Longo via openindiana-discuss <openindiana-discuss at openindiana.org> ha scritto:
> 
>  
> Hi again,
> 
> sorry for continuing my ramblings, but I've spent hours trying to make it work, I've even used Grok's help to find a cause for my problems, but all was in vain.
> 
> This is my latest smb.conf
> 
> [global]
>         log level = 10
>         server role = standalone server
>         workgroup = WORKGROUP
>         netbios name = SAMBA4
>         passdb backend = smbpasswd
> [test]
>         path = /nas/testsmb/sys
>         read only = no
>         writeable = yes
>         force user = frecover
>         force group = frecover
>         guest ok = no
>         vfs objects = zfsacl
> 
> I'm using zfs ACLs, as per Grok suggestion, and these are /nas/testsmb/sys' ACLs
> 
> ls -lV /nas/testsmb/
> total 1
> drwxrwxrwx+  3 frecover frecover       4 mar 17 10:01 sys
>               everyone@:rwxpdDaARWcCos:fd----I:allow
>                  group@:rwxpdDaARWcCos:fd----I:allow
>                  owner@:rwxpdDaARWcCos:fd----I:allow
>          group:frecover:rwxpdDaARWcCos:fd----I:allow
>           user:frecover:rwxpdDaARWcCos:fd----I:allow
> 
> So, open to all to every operation.
> 
> From a windows 11 PC I simply execute, inside a command prompt, a 
> 
>      dir > pippo.txt
> 
> command, the first time, when the file does not exist, it is created and written and it gets these ACLs
> 
> ls -lV /nas/testsmb/sys/
> total 17
> -rwxrwxr--+  1 frecover frecover     368 mar 17 10:04 pippo.txt
>          group:frecover:rwxpdDaARWcCos:------I:allow
>           user:frecover:rwxpdDaARWcCos:------I:allow
>                  owner@:rwxp--aARWcCos:-------:allow
>                  group@:r-----a-R-c--s:-------:allow
>               everyone@:r-----a-R-c--s:-------:allow
> 
> For me it means that at least user frecover and owner can write and rewrite it, instead, if I execute a second dir > pippo.txt, when the file already exists, I get an ACCESS DENIED error, but I can delete the file and/or copy it elsewhere.
> 
> From smb.log it shows that samba forbids its access
> 
> [2025/03/16 18:25:10.305235,  3] ../../source3/smbd/open.c:1446(open_file)
>   open_file: Error opening file pippo.txt (NT_STATUS_ACCESS_DENIED) (in_flags=898) (flags=386)
> [2025/03/16 18:25:10.305259, 10] ../../source3/smbd/open.c:6604(create_file_unixpath)
>   create_file_unixpath: NT_STATUS_ACCESS_DENIED
> 
> So, either something is wrong in the way the share is configured and/or ACLs are assigned to it, or there is a problem in the way smbd is interacting with ACLs on OpenIndiana.
> 
> By the way, nas/testsmb/sys aclmode and aclinherit are both set to passthrough.
> 
> zfs get all nas/testsmb/sys | grep acl
> nas/testsmb/sys  aclmode               passthrough            local
> nas/testsmb/sys  aclinherit            passthrough            local
> nas/testsmb/sys  aclimplicit           on                     default
> 
> 
> If anyone finds any error on what I'm doing, I'd surely like to know it.
> 
> Best regards.
> 
> Maurilio.
> 
> > Il 13/03/2025 10:08 CET Maurilio Longo via openindiana-discuss <openindiana-discuss at openindiana.org> ha scritto:
> > 
> >  
> > Hi all,
> > 
> > I have an old file server, running samba 3.x and I was planning to replace it with a newer unit running latest hipster.
> > 
> > I've installed samba with pkg install samba, and it installed samba version of 4.21.1, my /etc/samba/smb.conf file contains just a test share
> 
> _______________________________________________
> openindiana-discuss mailing list
> openindiana-discuss at openindiana.org
> https://openindiana.org/mailman/listinfo/openindiana-discuss

More information about the openindiana-discuss mailing list