Dear mrmarkus,
thank you for the fast response.
The original share (where the problem occurs) does indeed contain many files and folders,
but I can reproduce the problem with a completely new share on a different machine.
(done this some minutes ago)
My steps to reproduce (sorry for the detailed outputs):
- Create a Group e.g. “share_test” for the planned Fileshare e.g. “TEST” (via Cockpit).
I do this because I mostly use POSIX rights management for fileshares, not the ACLs.
- Add a User (e.g. me) to this Group
- Create a Fileshare “TEST” (via Cockpit), the owner group should be “share_test”.
The ACL is standard (owner group read/write, Everyone none).
Other settings: no Guest access, monitoring on, searchable, network trash, keep copies of files with the same name (my GUI is in German)
- Create a file and a folder in this Share (without special ACL)
touch /var/lib/nethserver/ibay/TEST/testfile1
mkdir /var/lib/nethserver/ibay/TEST/testfolder1
(done via root but no difference via smb)
getfacl says for “TEST”:
# file: var/lib/nethserver/ibay/TEST
# owner: root
# group: share_test@mydomain
# flags: -s-
user::rwx
group::rwx
other::---
getfacl says for “TEST/*” (2 objects):
# file: var/lib/nethserver/ibay/TEST/testfile1
# owner: root
# group: share_test@mydomain
user::rw-
group::r--
other::r--
# file: var/lib/nethserver/ibay/TEST/testfolder1
# owner: root
# group: share_test@mydomain
# flags: -s-
user::rwx
group::r-x
other::r-x
- Set now an ACL for the Fileshare “TEST” via Cockpit,
set an existing user e.g. “tester” with read-only rights.
- Create files and folders again in this Share (with this ACL)
touch /var/lib/nethserver/ibay/TEST/testfile2
mkdir /var/lib/nethserver/ibay/TEST/testfolder2
(done via root but no difference via smb)
getfacl says for “TEST”:
# file: var/lib/nethserver/ibay/TEST
# owner: root
# group: share_test@mydomain
# flags: -s-
user::rwx
user:tester@mydomain:r-x
group::rwx
mask::rwx
other::---
default:user::rwx
default:user:tester@mydomain:r-x
default:group::rwx
default:mask::rwx
default:other::---
getfacl says for “TEST/*” (4 objects):
# file: var/lib/nethserver/ibay/TEST/testfile1
# owner: root
# group: share_test@mydomain
user::rw-
group::r--
other::r--
# file: var/lib/nethserver/ibay/TEST/testfile2
# owner: root
# group: share_test@mydomain
user::rw-
user:tester@mydomain:r-x #effective:r--
group::rwx #effective:rw-
mask::rw-
other::---
# file: var/lib/nethserver/ibay/TEST/testfolder1
# owner: root
# group: share_test@mydomain
# flags: -s-
user::rwx
group::r-x
other::r-x
# file: var/lib/nethserver/ibay/TEST/testfolder2
# owner: root
# group: share_test@mydomain
# flags: -s-
user::rwx
user:tester@mydomain:r-x
group::rwx
mask::rwx
other::---
default:user::rwx
default:user:tester@mydomain:r-x
default:group::rwx
default:mask::rwx
default:other::---
OK, the new files and folders have the new ACLs, the old ones have no ACLs.
Up to now this is normal, I think.
- Now “reset permissions” for this share via Cockpit
getfacl says for “TEST/*” that all files and folders have ACLs now, as expected:
# file: var/lib/nethserver/ibay/TEST/testfile1
# owner: root
# group: share_test@mydomain
user::rw-
user:tester@mydomain:r--
group::rw-
mask::rw-
other::---
# file: var/lib/nethserver/ibay/TEST/testfile2
# owner: root
# group: share_test@mydomain
user::rw-
user:tester@mydomain:r--
group::rw-
mask::rw-
other::---
# file: var/lib/nethserver/ibay/TEST/testfolder1
# owner: root
# group: share_test@mydomain
# flags: -s-
user::rwx
user:tester@mydomain:r-x
group::rwx
mask::rwx
other::---
default:user::rwx
default:user:tester@mydomain:r-x
default:group::rwx
default:mask::rwx
default:other::---
# file: var/lib/nethserver/ibay/TEST/testfolder2
# owner: root
# group: share_test@mydomain
# flags: -s-
user::rwx
user:tester@mydomain:r-x
group::rwx
mask::rwx
other::---
default:user::rwx
default:user:tester@mydomain:r-x
default:group::rwx
default:mask::rwx
default:other::---
- Remove the ACL Entry for user “tester” via Cockpit (press the “x”)
The ACLs are still present so far, this is normal behavior I think.
But then…
- AGAIN “reset permissions” for this share via Cockpit
and getfacl says for “TEST/*”:
(the folders still have the ACLs, the files have no ACLs)
# file: var/lib/nethserver/ibay/TEST/testfile1
# owner: root
# group: share_test@mydomain
user::rw-
group::rw-
other::---
# file: var/lib/nethserver/ibay/TEST/testfile2
# owner: root
# group: share_test@mydomain
user::rw-
group::rw-
other::---
# file: var/lib/nethserver/ibay/TEST/testfolder1
# owner: root
# group: share_test@mydomain
# flags: -s-
user::rwx
group::rwx
other::---
default:user::rwx
default:user:tester@mydomain:r-x
default:group::rwx
default:mask::rwx
default:other::---
# file: var/lib/nethserver/ibay/TEST/testfolder2
# owner: root
# group: share_test@mydomain
# flags: -s-
user::rwx
group::rwx
other::---
default:user::rwx
default:user:tester@mydomain:r-x
default:group::rwx
default:mask::rwx
default:other::---
And this is how I ran into this problem:
I have a fileshare with read/write access for some users (via group membership in this fileshare's owner group). This fileshare has no ACL set.
A new user should get read-only access first, so I added an ACL entry for this fileshare (via Cockpit). But there was some content the user could not read. So I did “reset permissions” for this share via Cockpit. The new user could now read as expected.
Some days later the new user should get full access to the share, so I removed the ACL for this user (via Cockpit) and put the new user into the owner group of this fileshare (without ACL).
The new user could now do some things and not others. (SMB share over macOS High Sierra)
He could add folders or copy files into this share as expected, but he could not save MS Office documents in this share. The error message says: No rights to write or not enough space on share (or something like that)
At first I suspected the Office program, but on other fileshares there was no problem for this user (with no special ACLs set for him before). Therefore I looked at the user rights of the fileshare via console.
The ACL with the read-only rights for the new user was still there on folders and files.
This was maybe expected, but I had forgotten this because I rarely use ACLs.
So I did “reset permissions” again for this share via Cockpit. But the problem persisted.
The ACL with the read-only rights for the new user was still there on folders (and maybe on files, I don't know anymore).
So I reset the complete path via “setfacl -Rb /var/lib/nethserver/ibay/FREIGABE”.
After that the problem was gone.
Regards
yummiweb
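
Added example, not part of the original post: the listings above show `default:user:tester@mydomain:r-x` still present on the folders after the entry was removed in Cockpit and permissions were reset. The shell function below filters `getfacl -R` output for access or default entries that still name a given principal; the function names and the trimmed sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post.
# stale_acl_entries PRINCIPAL: reads `getfacl -R <share>` text on stdin and
# prints "<path>TAB<access|default>TAB<entry>" for every named user or group
# entry that still refers to PRINCIPAL.
stale_acl_entries() {
    awk -v who="$1" '
        /^# file: / { path = substr($0, 9); next }  # start of a new object
        /^#/ || /^$/ { next }                         # other headers, blank lines
        {
            entry = $1                                # drops a trailing #effective note
            scope = "access"; rest = entry
            if (index(rest, "default:") == 1) {       # inherited-by-children entry
                scope = "default"; rest = substr(rest, 9)
            }
            n = split(rest, f, ":")                   # type:qualifier:perms
            if (n == 3 && (f[1] == "user" || f[1] == "group") && f[2] == who)
                printf "%s\t%s\t%s\n", path, scope, entry
        }'
}

# Constructed sample: one file and one folder in the state the post shows
# after the second "reset permissions".
sample_listing() {
    cat <<'EOF'
# file: var/lib/nethserver/ibay/TEST/testfile1
# owner: root
# group: share_test@mydomain
user::rw-
group::rw-
other::---

# file: var/lib/nethserver/ibay/TEST/testfolder1
# owner: root
# group: share_test@mydomain
# flags: -s-
user::rwx
group::rwx
other::---
default:user::rwx
default:user:tester@mydomain:r-x
default:group::rwx
default:mask::rwx
default:other::---
EOF
}

sample_listing | stale_acl_entries tester@mydomain
```

On a live system the input would come from `getfacl -R /var/lib/nethserver/ibay/TEST | stale_acl_entries tester@mydomain`; an empty result means no access or default entry names that principal.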