


Linux ACL support NT ACL support 

Joined: Mon Jan 03, 2011 14:17
Posts: 2
Post Linux ACL support NT ACL support
Hello,

First thanks for your commitment in making Linux and Windows world compatible.

I am implementing a Samba server running with the ADS security parameter under Ubuntu Linux
Linux zimbra 2.6.32-26-generic #48-Ubuntu SMP x86_64 GNU/Linux


You would find hereafter the smb.conf file.

When using XP tools to set up NTFS ACLs I can't have them registered.
I have checked that the user, group and everyone attributes are working well on my NTFS-3G disk drive using smbcacls, and I can change owner, group and uga permissions without any problem.
To do that I needed to build a UserMapping file according to winbind info.
If you ever need it, I built a tool to do that using wbinfo in bash shell.

When I try to add NTFS ACLs using smbcacls -A i get the following message:
ERROR: Unable to open credentials file!

I have checked the POSIX acl support for my NTFS-3G drive:
setfacl -m u:myuser:rwx toto.txt
setfacl: toto.txt: Opération non supportée

According to your current documentation, I haven't been able to determine if POSIX ACL support is needed to implement full NTFS ACLs via Samba.

I have checked the mounting of my ntfs-3g drive
root@zimbra:/media/ROMPAQSK_# mount -t ntfs-3g -o rw,acl,debug /dev/sdb1 /media/driveA
FUSE library version: 2.8.1
nullpath_ok: 0
Version 2010.3.6 external FUSE 28
Mounted /dev/sdb1 (Read-Write, label "driveA", NTFS 3.1)
Cmdline options: rw,acl,debug
Mount options: rw,acl,silent,allow_other,nonempty,relatime,fsname=/dev/sdb1,blkdev,blksize=4096,default_permissions
User mapping built, configuration type 1
fuse: reading device: Opération non permise
Unmounting /dev/sdb1 (ROMPAQSK_)



Could someone answer the following questions?

1/ Do I need POSIX ACL support to get NTFS ACLs working with smbcacls?
2/ What is wrong in my settings to support POSIX ACLs?
3/ What does the error message "ERROR: Unable to open credentials file!" mean? What is the credentials file?
4/ What does the fuse error "fuse: reading device: Opération non permise" mean?

Thanks for all in advance



PS/ smb.conf file


[global]
security = ads
realm = MYDOMAIN.LOCAL
password server = 157.136.54.17
workgroup = MYDOMAIN
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
winbind use default domain = yes
restrict anonymous = 2

[homes]
comment = Home directories
valid users = %S
read only = No
browseable = No

[printers]
comment = SMB Print Spool
path = /var/spool/samba
guest ok = Yes
printable = Yes
browseable = No


[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
admin users = root, administrateur


[driveNTFS]
comment =Droits NTFS
path = /media/driveA
valid users = administrateur,@"utilisa. du domaine"
admin users = administrateur
browseable = yes
read only = no
nt acl support = yes
create mask = 0770
directory mask = 0770
inherit acls = yes
inherit owner = yes
inherit permissions = yes


Mon Jan 03, 2011 20:44
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: Linux ACL support NT ACL support
Hi Olivier,

Quote:
To do that i needed to build a UserMapping file according to winbind info.
If you ever need it i built a tool to do that using wbinfo in bash shell.

If you have a shell script to build the UserMapping file based on Samba settings, it will surely be useful to other people. Can you please post it?
Quote:
I have checked the POSIX acl support for my NTFS-3G drive:
setfacl -m u:myuser:rwx toto.txt
setfacl: toto.txt: Opération non supportée

Most likely you have not compiled ntfs-3g with Posix ACL support. Type "ntfs-3g --help" and check whether you get "POSIX ACLS are on". If not, you have to configure with option "--enable-posix-acls" and recompile.
Quote:
According to your current documentation, i haven't been able to determine if POSIX ACL support is needed to implement full NTFS ACLs via SAMBA.

AFAIK, you cannot get full NTFS ACLs via Samba. You can only get Samba to translate NTFS ACLs to Posix ACLs and ntfs-3g to translate back to NTFS ACLs, but these translations are lossy.
Quote:
I have checked the mounting of my ntfs-3g drive
root@zimbra:/media/ROMPAQSK_# mount -t ntfs-3g -o rw,acl,debug /dev/sdb1 /media/driveA

The option "acl" does not exist. Please check the valid options on http://b.andre.pagesperso-orange.fr/per ... ml#options (the blue text does not apply to the version you are using).
Quote:
User mapping built, configuration type 1

This shows you have not compiled with POSIX ACL support. Take it as a chance to also get a newer ntfs-3g version.
Quote:
1/ Do i need posix acl support to get NTFS ACL working with smbcacls

This depends on your needs. To make a file read-only or fully allowed to anyone, you do not need Posix ACLs, basic permissions (settable by chmod) are enough. For more complex requirements you may need the Posix ACLs, but you will not get a full transparency from smbcacls on Windows to NTFS on Linux through Samba and ntfs-3g, because there is a double translation in-between.
Quote:
2/ What is wrong in my settings to support POSIX ACLs?

You have not compiled ntfs-3g with Posix ACL support.
Quote:
3/ What does the error message "ERROR: Unable to open credentials file!" mean? What is the credentials file?

No idea, this is not a ntfs-3g message, probably a Samba one.

Are you able to create a file on ntfs from Windows, and does it appear on Linux with the correct owner and group ? This is the first step, and you should be able to do that with your current settings.
Quote:
4/ What does the fuse error "fuse: reading device: Opération non permise" mean?

No idea. Are you able to create file from Linux on ntfs-3g ? In what circumstances is this error shown ?

Quote:
[driveNTFS]
comment =Droits NTFS
path = /media/driveA
valid users = administrateur,@"utilisa. du domaine"
admin users = administrateur
browseable = yes
read only = no
nt acl support = yes
create mask = 0770
directory mask = 0770
inherit acls = yes
inherit owner = yes
inherit permissions = yes

This looks suspicious to me. This looks like an NTFS drive managed by Windows. From the Samba point of view, this should be like an ext3 drive managed by Linux (on Linux there is no interface for supporting NT ACL or for inheriting ownership, and the Posix inheritance of ACLs or permissions are not the same as the Windows ones).

Regards

Jean-Pierre


Mon Jan 03, 2011 23:32

Joined: Mon Jan 03, 2011 14:17
Posts: 2
Post Re: Linux ACL support NT ACL support
Thanks for your complete and precise answer.

I will upgrade and compile -with-acl, but I'm not sure I will be able to do that in an Ubuntu environment without help.

Could you point me to a good tutorial for my Ubuntu environment?



BTW here is what I promised.


That's ugly written but it has been working quickly
:)

just type

genusermap > UserMapping to get your file populated (works with ADS security through winbind).

Hope it will help.






------------------------------ genusermap -------------------------------------------------------
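#!/bin/bash
# genusermap: build an ntfs-3g UserMapping file from winbind data.
# Usage: genusermap > UserMapping

# all work files live in one directory, so the script runs from anywhere
workdir=/etc/samba

rm -f "$workdir"/wbinfo_user* "$workdir"/wbinfo_group*

# list the domain users and groups known to winbind
wbinfo -u > "$workdir/wbinfo_user"
wbinfo -g > "$workdir/wbinfo_group"

# passwd-style entry for each user
while read -r line
do
wbinfo -i "$line" >> "$workdir/wbinfo_user1"
done < "$workdir/wbinfo_user"

# user lines: uid::SID
while IFS=: read -r username star uid end
do
sid=$(wbinfo -U "$uid")
echo "$uid::$sid"
done < "$workdir/wbinfo_user1"

# group entry for each group
while read -r line
do
wbinfo --group-info="$line" >> "$workdir/wbinfo_group1"
done < "$workdir/wbinfo_group"

# group lines: :gid:SID (a member list after the gid, if any, goes to $rest)
while IFS=: read -r groupname star gid rest
do
sid=$(wbinfo -G "$gid")
echo ":$gid:$sid"
done < "$workdir/wbinfo_group1"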

___________________________________________________________________________________


Tue Jan 18, 2011 12:36
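
A sanity check for the UserMapping file that genusermap produces, as an added example that is not part of the original posts. It assumes only the two line shapes the script prints (uid::SID and :gid:SID); the function names and the sample SIDs are constructed for illustration.

```sh
#!/bin/sh
# Lint a UserMapping file of the shape genusermap prints ("uid::SID", ":gid:SID").
# Assumption: stricter than ntfs-3g itself, only those two line shapes are accepted.
is_sid() {      # S-1-<authority>-<subauthority>..., digits and dashes only
    case "$1" in
        S-1-*[!0-9-]*|*--*|*-) return 1 ;;
        S-1-[0-9]*-[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one line per problem; returns 1 if any problem was found.
check_usermapping() {
    n=0; bad=0; seen=" "
    while IFS=: read -r uid gid sid extra; do
        n=$((n + 1))
        case "$uid" in '#'*) continue ;; esac          # comment line
        [ -z "$uid$gid$sid$extra" ] && continue         # blank line
        err=""
        if [ -n "$extra" ]; then err="more than three fields"
        elif [ -z "$sid" ]; then err="empty SID (wbinfo lookup failed?)"
        elif ! is_sid "$sid"; then err="malformed SID '$sid'"
        elif [ -n "$uid" ] && [ -n "$gid" ] || [ -z "$uid$gid" ]; then
            err="need exactly one of uid, gid"
        else
            case "$uid$gid" in *[!0-9]*) err="non-numeric id '$uid$gid'" ;; esac
            case "$seen" in *" $uid:$gid "*) err="duplicate entry for '$uid:$gid'" ;; esac
            seen="$seen$uid:$gid "
        fi
        if [ -n "$err" ]; then echo "line $n: $err"; bad=1; fi
    done < "$1"
    return "$bad"
}

# Constructed sample: two good lines, an empty SID, a truncated SID, a repeated gid.
make_sample() {
    cat > "$1" <<'EOF'
10001::S-1-5-21-1111111111-2222222222-3333333333-1105
:10005:S-1-5-21-1111111111-2222222222-3333333333-513
10002::
10003::S-1-5-21-
:10005:S-1-5-21-1111111111-2222222222-3333333333-514
EOF
}

sample=$(mktemp)
make_sample "$sample"
check_usermapping "$sample" || echo "UserMapping needs fixing before use"
rm -f "$sample"
```

An empty or truncated SID is what the script emits when a wbinfo lookup fails, so running the check before mounting catches accounts that would otherwise end up without a valid mapping.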
NTFS-3G Lead Developer

Joined: Tue Sep 04, 2007 17:22
Posts: 1286
Post Re: Linux ACL support NT ACL support
Hi Olivier,

Quote:
Could you indicate me a good tutorial for my Ubuntu environment?

I am not familiar with Ubuntu myself, but if you have a gcc compiler installed, compiling and installing ntfs-3g is straightforward :
Code:
# download the latest ntfs-3g tarball
wget http://tuxera.com/opensource/ntfs-3g-2010.10.2.tgz
# unpack the tarball
tar -xvzf ntfs-3g-2010.10.2.tgz
# enter the just created directory
cd ntfs-3g-2010.10.2
# configure
./configure --enable-posix-acls
# compile
make
# install
sudo make install
# done (hopefully) - the full work directory may now be deleted


Quote:
BTW here is what i promise.
That's ugly written but it has been working quickly

That is fine, thanks. I just suggest putting the work files into /tmp

May I make it publicly available under the GPL conditions ?

Regards

Jean-Pierre


Tue Jan 18, 2011 16:27