Owner of file in a samba share changes - unwanted behavior

samba4

#1

Hi Guys,

I encounter an unwanted behavior of samba.

The share is on a UCS and accessed from Win7. A file inside that share is to be edited by members of a defined group A.
When such a User changes the file, the owner of that file changes too.
How can I stop this behavior and grant that owner and owning group stay the same at any time?

Worse: when another member of Group B - which is member of group A - changes the file, owner and possessing group change (the group is the standard-group of this recent user then). So the file is owned by different user and group afterwards.
I tested on an Ubuntu server with Samba and this change of owner didn’t happen.

Any Idea how to avoid that phenomenon?

Thank you in advance

Bernhard


#2

Hi,

I guess this is a combination of ACL misconfiguration and behavior of MS Office (I assume you are using MS Office).
The latter opens a file for editing. When you write, it creates a new file, writes content into the file, deletes the original one and renames the new one to the old name. See here.
When a file is created it inherits the owner and permissions of the folder. This is the reason why the file appears to change its owner: because it is a new file.

So you would have to check for the folder your ACLs (from Windows) as well as your share permissions (in UMC). You might want to reset your ACLs in case you initially made a mess.

/CV
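
The save-by-replace behaviour described in the answer above, reproduced on a local POSIX filesystem as an added example (not part of the original posts): an in-place write keeps the inode and therefore the owner, while a write-new-then-rename save produces a new inode owned by whoever performed the save. The function names and the sample file name are hypothetical.

```python
import os
import tempfile

def snapshot(path):
    """Return the identity and ownership fields of a file."""
    st = os.stat(path)
    return {"inode": st.st_ino, "uid": st.st_uid, "gid": st.st_gid}

def save_in_place(path, data):
    """Overwrite the existing file: same inode, so owner and group are untouched."""
    with open(path, "w") as fh:
        fh.write(data)

def save_via_rename(path, data):
    """Office-style save: write a new file beside the original, then rename over it."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix="~tmp")
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    os.replace(tmp, path)  # the original inode is unlinked here

def changed_fields(before, after):
    """List which of inode/uid/gid differ between two snapshots."""
    return [k for k in ("inode", "uid", "gid") if before[k] != after[k]]

def demo():
    """Run both save styles in a scratch directory and report what changed."""
    with tempfile.TemporaryDirectory() as d:
        doc = os.path.join(d, "report.docx")  # constructed sample file
        save_in_place(doc, "v1")
        s0 = snapshot(doc)
        save_in_place(doc, "v2")
        s1 = snapshot(doc)
        save_via_rename(doc, "v3")
        s2 = snapshot(doc)
        return {
            "in_place": changed_fields(s0, s1),
            "rename": changed_fields(s1, s2),
            # The replacement file belongs to the process that created it.
            "new_owner_is_writer": s2["uid"] == os.geteuid(),
        }

if __name__ == "__main__":
    print(demo())
```

Run as a single user, only the inode changes; when a different account performs the rename-style save, `uid` and `gid` show up in the changed fields as well, which is the owner change reported in the first post.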


#3

Thank you for answering so quickly.
For there are no ACLs involved, it seems to be an issue due to MS Office (your assumption of course was true …). I’ll do some more testing (there are other problems with shares also) and let you know.


#4

When trying to test with a new share I just found a much bigger problem:
I cannot set up shares anymore!
The entry in the UMC seems to be saved without error but the share does not appear in the network and testparm doesn’t list it. Running the system-selftest in the gui gives back the following:

1 nicht synchronisierte UCS Objekte und 2 nicht synchronisierte S4 Objekte. Weitere Hinweise finden Sie unter [Univention Support Database - How to deal with s4-connector rejects](https://help.univention.com/t/how-to-deal-with-s4-connector-rejects/33).

Nicht synchronisierte UCS Objekte:
UCS DN: cn=Console Logon,cn=Builtin,dc=hipsy,dc=intranet, S4 DN: cn=console logon,cn=builtin,DC=hipsy,DC=intranet, Dateiname: /var/lib/univention-connector/s4/1539024492.016149

Nicht synchronisierte S4 Objekte:
S4 DN: CN=Console Logon,CN=Builtin,DC=hipsy,DC=intranet, UCS DN: cn=console logon,cn=builtin,dc=hipsy,dc=intranet
S4 DN: cn={E38CDD53-0864-40CF-BD65-B2BA7903485E},CN=Policies,CN=System,DC=hipsy,DC=intranet, UCS DN: nicht gefunden

But I don’t know whether this has something to do with my sharing prob or not.
Any idea?

Regards

Bernhard


#5

Well, have you checked

?

/CV


#6

Yes. But I don’t know how to deal with the results, and get no clues whether it has anything to do with the inability to set up shares.
The S-4-search told me
LDAP error 32 LDAP_NO_SUCH_OBJECT
for the last one of the above errors. That matches the error above, but gives me no more hint, what to do.


#7

Hello Mr. Voelker,

I had no time to go on with the topic last week, but I’d like to resume now.
Firstly, you were completely right concerning the permission/ownership problem; setting default-acls solved it.
Concerning the share problem I’ve made no advances. Besides the warning mentioned above, on the member-server (where the shares are located) udn-replication seems to be broken.

univention-directory-listener-ctrl status run on the member-server:

# univention-directory-listener-ctrl status
Listener status:
 run: univention-directory-listener: (pid 30001) 47s, normally down

Current Notifier ID on "hipsctrl-1.hipsy.intranet"
 12057

Last Notifier ID processed by local Listener:
 11708

tail: '/var/lib/univention-ldap/notify/transaction' kann nicht zum Lesen geöffnet werden: Datei oder Verzeichnis nicht gefunden
Last transaction processed:


Modules:
3       faillog /usr/lib/univention-directory-listener/system/faillog.py
3       gencertificate  /usr/lib/univention-directory-listener/system/gencertificate.py
3       homedir-autocreate      /usr/lib/univention-directory-listener/system/homedir-autocreate.py
3       hosteddomains   /usr/lib/univention-directory-listener/system/hosteddomains.py
3       keytab  /usr/lib/univention-directory-listener/system/keytab.py
3       ldap_server     /usr/lib/univention-directory-listener/system/ldap_server.py
3       license_uuid    /usr/lib/univention-directory-listener/system/license_uuid.py
3       nagios-client   /usr/lib/univention-directory-listener/system/nagios-client.py
3       nfs-homes       /usr/lib/univention-directory-listener/system/nfs-homes.py
3       nfs-shares      /usr/lib/univention-directory-listener/system/nfs-shares.py
3       nscd_update     /usr/lib/univention-directory-listener/system/nscd.py
3       nss     /usr/lib/univention-directory-listener/system/nss.py
3       pkgdb-watch     /usr/lib/univention-directory-listener/system/pkgdb-watch.py
3       portal_category /usr/lib/univention-directory-listener/system/portal_category.py
3       portal_entry    /usr/lib/univention-directory-listener/system/portal_entry.py
3       portal  /usr/lib/univention-directory-listener/system/portal.py
3       quota   /usr/lib/univention-directory-listener/system/quota.py
3       samba-privileges        /usr/lib/univention-directory-listener/system/samba-privileges.py
3       samba-shares    /usr/lib/univention-directory-listener/system/samba-shares.py
3       udm_extension   /usr/lib/univention-directory-listener/system/udm_extension.py
3       umc-service-providers   /usr/lib/univention-directory-listener/system/umc-service-providers.py
3       univention-saml-servers /usr/lib/univention-directory-listener/system/univention-saml-servers.py
3       well-known-sid-name-mapping     /usr/lib/univention-directory-listener/system/well-known-sid-name-mapping.py

Would you agree that this is likely to be the cause of the inability to set up shares anymore?
This posting recommends to complete missing lines manually, but how can I rebuild the completely missing directory
/var/lib/univention-ldap/notify
on the memberserver?

Edit: just found that /var/lib/univention-ldap/notify exists on none of the three servers in the domain, except for the dc-master (normal?). And the udn count is the same (11708) on these servers; only on the master do the listener- and notifier-counts match.

The listener-log of the memberserver tells:

13.01.19 17:05:05.526  DEBUG_INIT
13.01.19 17:05:05.538  LISTENER    ( INFO    ) : Backup found: hipsctrl-3.hipsy.intranet
0: hipsctrl-3.hipsy.intranet
1: hipsctrl-1.hipsy.intranet
13.01.19 17:05:05.538  LISTENER    ( INFO    ) : rands with seed 2329593141d 
13.01.19 17:05:05.538  LISTENER    ( INFO    ) : randval = 0 
13.01.19 17:05:05.539  LISTENER    ( WARN    ) : Notifier/LDAP server is hipsctrl-3.hipsy.intranet:0
13.01.19 17:05:05.539  LDAP        ( PROCESS ) : connecting to ldap://hipsctrl-3.hipsy.intranet:7389
13.01.19 17:05:05.550  LDAP        ( INFO    ) : simple_bind as cn=cgjung,cn=memberserver,cn=computers,dc=hipsy,dc=intranet
13.01.19 17:05:05.557  LDAP        ( ERROR   ) : ldap_simple_bind: Invalid credentials
13.01.19 17:05:05.557  LISTENER    ( WARN    ) : can not connect to LDAP server hipsctrl-3.hipsy.intranet:7389
13.01.19 17:05:05.557  LISTENER    ( WARN    ) : can not connect any server, retrying in 30 seconds
0: hipsctrl-3.hipsy.intranet
1: hipsctrl-1.hipsy.intranet
13.01.19 17:05:35.558  LISTENER    ( INFO    ) : randval = 1 
13.01.19 17:05:35.558  LISTENER    ( WARN    ) : Notifier/LDAP server is hipsctrl-1.hipsy.intranet:7389
13.01.19 17:05:35.558  LDAP        ( PROCESS ) : connecting to ldap://hipsctrl-1.hipsy.intranet:7389
13.01.19 17:05:35.568  LDAP        ( INFO    ) : simple_bind as cn=cgjung,cn=memberserver,cn=computers,dc=hipsy,dc=intranet
13.01.19 17:05:35.577  LISTENER    ( INFO    ) : connecting to notifier hipsctrl-1.hipsy.intranet:6669
13.01.19 17:05:35.578  LISTENER    ( INFO    ) : established connection to 10.0.0.26 port 6669
13.01.19 17:05:35.582  LISTENER    ( INFO    ) : connection okay to host hipsctrl-1.hipsy.intranet:7389
13.01.19 17:05:35.582  LISTENER    ( INFO    ) : cache_init: using default mapsize: 2147483648
13.01.19 17:05:35.706  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/portal_entry.py
13.01.19 17:05:35.805  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/udm_extension.py
13.01.19 17:05:36.331  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/nfs-homes.py
13.01.19 17:05:36.331  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/license_uuid.py
13.01.19 17:05:36.332  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/gencertificate.py
13.01.19 17:05:36.334  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/quota.py
13.01.19 17:05:36.336  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/nscd.py
13.01.19 17:05:36.337  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/pkgdb-watch.py
13.01.19 17:05:36.466  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/nagios-client.py
13.01.19 17:05:36.468  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/ldap_server.py
13.01.19 17:05:36.488  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/samba-privileges.py
13.01.19 17:05:36.491  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/univention-saml-servers.py
13.01.19 17:05:36.491  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/samba-shares.py
13.01.19 17:05:36.520  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/homedir-autocreate.py
13.01.19 17:05:36.525  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/umc-service-providers.py
13.01.19 17:05:36.526  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/keytab.py
13.01.19 17:05:36.527  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/faillog.py
13.01.19 17:05:36.975  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/nss.py
13.01.19 17:05:36.976  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/hosteddomains.py
13.01.19 17:05:36.976  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/nfs-shares.py
13.01.19 17:05:36.979  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/portal.py
13.01.19 17:05:36.986  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/well-known-sid-name-mapping.py
13.01.19 17:05:36.991  LISTENER    ( INFO    ) : importing handler /usr/lib/univention-directory-listener/system/portal_category.py
13.01.19 17:05:36.992  LISTENER    ( INFO    ) : setting data for all handlers: key=basedn  value=dc=hipsy,dc=intranet
13.01.19 17:05:36.992  LISTENER    ( INFO    ) : pkgdb-watch: listener passed key="basedn" value="dc=hipsy,dc=intranet"
13.01.19 17:05:36.992  LISTENER    ( INFO    ) : setting data for all handlers: key=binddn  value=cn=cgjung,cn=memberserver,cn=computers,dc=hipsy,dc=intranet
13.01.19 17:05:36.992  LISTENER    ( INFO    ) : pkgdb-watch: listener passed key="binddn" value="cn=cgjung,cn=memberserver,cn=computers,dc=hipsy,dc=intranet"
13.01.19 17:05:36.992  LISTENER    ( INFO    ) : setting data for all handlers: key=bindpw  value=<HIDDEN>
13.01.19 17:05:36.992  LISTENER    ( INFO    ) : pkgdb-watch: listener passed key="bindpw" value="<HIDDEN>"
13.01.19 17:05:36.992  LISTENER    ( INFO    ) : setting data for all handlers: key=ldapserver  value=hipsctrl-1.hipsy.intranet
13.01.19 17:05:36.992  LISTENER    ( INFO    ) : pkgdb-watch: listener passed key="ldapserver" value="hipsctrl-1.hipsy.intranet"
13.01.19 17:05:36.992  LISTENER    ( INFO    ) : pkgdb-watch: ldap server changed to hipsctrl-1.hipsy.intranet
13.01.19 17:05:36.992  LISTENER    ( INFO    ) : pkgdb-watch: ldap reconnect triggered
UNIVENTION_DEBUG_BEGIN  : uldap.__open host=hipsctrl-1.hipsy.intranet port=7389 base=dc=hipsy,dc=intranet
13.01.19 17:05:36.996  LDAP        ( INFO    ) : establishing new connection with retry_max=11
13.01.19 17:05:37.007  LDAP        ( INFO    ) : bind binddn=cn=cgjung,cn=memberserver,cn=computers,dc=hipsy,dc=intranet
UNIVENTION_DEBUG_END    : uldap.__open host=hipsctrl-1.hipsy.intranet port=7389 base=dc=hipsy,dc=intranet
13.01.19 17:05:37.018  LISTENER    ( INFO    ) : Last Notifier ID: 11708
13.01.19 17:05:37.144  LISTENER    ( ERROR   ) : connection to notifier was closed
13.01.19 17:05:37.144  LISTENER    ( ERROR   ) : failed to recv result
13.01.19 17:05:37.144  LISTENER    ( ERROR   ) : listener: 1
13.01.19 17:05:37.144  LDAP        ( INFO    ) : closing connection
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: portal_entry (prepared=0)
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: udm_extension (prepared=0)
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: nfs-homes (prepared=0)
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: license_uuid (prepared=0)
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: gencertificate (prepared=0)
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: quota (prepared=0)
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: nscd_update (prepared=0)
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: pkgdb-watch (prepared=0)
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: nagios-client (prepared=0)
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: ldap_server (prepared=0)
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: samba-privileges (prepared=0)
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: univention-saml-servers (prepared=0)
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: samba-shares (prepared=0)
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: homedir-autocreate (prepared=0)
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: umc-service-providers (prepared=0)
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: keytab (prepared=0)
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: faillog (prepared=0)
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: nss (prepared=0)
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: hosteddomains (prepared=0)
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: nfs-shares (prepared=0)
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: portal (prepared=0)
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: well-known-sid-name-mapping (prepared=0)
13.01.19 17:05:37.145  LISTENER    ( INFO    ) : postrun handler: portal_category (prepared=0)
13.01.19 17:05:42.449  DEBUG_INIT
13.01.19 17:05:42.462  LISTENER    ( INFO    ) : Backup found: hipsctrl-3.hipsy.intranet
0: hipsctrl-3.hipsy.intranet
1: hipsctrl-1.hipsy.intranet
13.01.19 17:05:42.462  LISTENER    ( INFO    ) : rands with seed 3371485748d 
13.01.19 17:05:42.462  LISTENER    ( INFO    ) : randval = 0 
13.01.19 17:05:42.463  LISTENER    ( WARN    ) : Notifier/LDAP server is hipsctrl-3.hipsy.intranet:0
13.01.19 17:05:42.463  LDAP        ( PROCESS ) : connecting to ldap://hipsctrl-3.hipsy.intranet:7389
13.01.19 17:05:42.474  LDAP        ( INFO    ) : simple_bind as cn=cgjung,cn=memberserver,cn=computers,dc=hipsy,dc=intranet
13.01.19 17:05:42.481  LDAP        ( ERROR   ) : ldap_simple_bind: Invalid credentials
13.01.19 17:05:42.481  LISTENER    ( WARN    ) : can not connect to LDAP server hipsctrl-3.hipsy.intranet:7389
13.01.19 17:05:42.481  LISTENER    ( WARN    ) : can not connect any server, retrying in 30 seconds
0: hipsctrl-3.hipsy.intranet
1: hipsctrl-1.hipsy.intranet
13.01.19 17:06:12.482  LISTENER    ( INFO    ) : randval = 0 
13.01.19 17:06:12.482  LISTENER    ( WARN    ) : Notifier/LDAP server is hipsctrl-3.hipsy.intranet:7389
13.01.19 17:06:12.482  LDAP        ( PROCESS ) : connecting to ldap://hipsctrl-3.hipsy.intranet:7389
13.01.19 17:06:12.491  LDAP        ( INFO    ) : simple_bind as cn=cgjung,cn=memberserver,cn=computers,dc=hipsy,dc=intranet
13.01.19 17:06:12.497  LDAP        ( ERROR   ) : ldap_simple_bind: Invalid credentials
13.01.19 17:06:12.497  LISTENER    ( WARN    ) : can not connect to LDAP server hipsctrl-3.hipsy.intranet:7389
13.01.19 17:06:12.497  LISTENER    ( WARN    ) : can not connect any server, retrying in 30 seconds

I hope you’ll have an idea, for I don’t.
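
A small triage over the listener log quoted above, as an added example that is not part of the original posts: it attributes each ERROR line to the server the listener had just connected to and computes the gap between the two notifier IDs shown in the status output. The embedded lines are excerpted from the log in the post; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: lines excerpted from the listener log quoted in the thread.
SAMPLE_LOG = """\
13.01.19 17:05:05.539  LDAP        ( PROCESS ) : connecting to ldap://hipsctrl-3.hipsy.intranet:7389
13.01.19 17:05:05.557  LDAP        ( ERROR   ) : ldap_simple_bind: Invalid credentials
13.01.19 17:05:35.558  LDAP        ( PROCESS ) : connecting to ldap://hipsctrl-1.hipsy.intranet:7389
13.01.19 17:05:35.577  LISTENER    ( INFO    ) : connecting to notifier hipsctrl-1.hipsy.intranet:6669
13.01.19 17:05:37.018  LISTENER    ( INFO    ) : Last Notifier ID: 11708
13.01.19 17:05:37.144  LISTENER    ( ERROR   ) : connection to notifier was closed
13.01.19 17:05:42.463  LDAP        ( PROCESS ) : connecting to ldap://hipsctrl-3.hipsy.intranet:7389
13.01.19 17:05:42.481  LDAP        ( ERROR   ) : ldap_simple_bind: Invalid credentials
"""

# "<date> <time>  <COMPONENT>  ( <LEVEL> ) : <message>"
LINE = re.compile(r"^\S+ \S+\s+(\w+)\s+\(\s*(\w+)\s*\) : (.*)$")
CONNECT = re.compile(r"connecting to (?:ldap://|notifier )([\w.-]+):\d+")

def triage(log_text):
    """Group ERROR messages by the server contacted just before them."""
    errors = defaultdict(list)
    current, last_id = None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # server-list lines such as "0: host" carry no level
        _component, level, msg = m.groups()
        c = CONNECT.search(msg)
        if c:
            current = c.group(1)
        elif msg.startswith("Last Notifier ID:"):
            last_id = int(msg.split(":")[1])
        elif level == "ERROR":
            errors[current].append(msg.strip())
    return dict(errors), last_id

def pending_transactions(notifier_id, listener_id):
    """Transactions the local listener has not processed yet."""
    return notifier_id - listener_id

if __name__ == "__main__":
    errs, local_id = triage(SAMPLE_LOG)
    print(errs, pending_transactions(12057, local_id))
```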