<div class="socmaildefaultfont" dir="ltr" style="font-family:Arial;font-size:10.5pt" ><div dir="ltr" >Looking at recent patches to SAMBA I see from December 2015:<br><a href="https://download.samba.org/pub/samba/patches/security/samba-4.1.21-security-2015-12-16.patch" >https://download.samba.org/pub/samba/patches/security/samba-4.1.21-security-2015-12-16.patch</a>,<br>(link found at <a href="https://bugzilla.samba.org/show_bug.cgi?id=11658" >https://bugzilla.samba.org/show_bug.cgi?id=11658</a> which includes the comment:
<pre class="bz_comment_text" >Failing that, smbd_check_access_rights should check Unix perms at that point.
)
</pre></div>
<div dir="ltr" > </div>
<div dir="ltr" ><span style="font-size:0.857em;" ><span style="font-family: courier new,courier,monospace;" >diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c<br>index fca05cf..07e2f8a 100644<br>--- a/source3/modules/vfs_shadow_copy2.c<br>+++ b/source3/modules/vfs_shadow_copy2.c<br>@@ -30,6 +30,7 @@<br> */<br> <br> #include "includes.h"<br>+#include "smbd/smbd.h"<br> #include "system/filesys.h"<br> #include "include/ntioctl.h"<br> #include <ccan/hash/hash.h><br>@@ -1138,6 +1139,42 @@ static char *have_snapdir(struct vfs_handle_struct *handle,<br> return NULL;<br> }<br> <br>+static bool check_access_snapdir(struct vfs_handle_struct *handle,<br>+ const char *path)<br>+{<br>+ struct smb_filename smb_fname;<br>+ int ret;<br>+ NTSTATUS status;<br>+<br>+ ZERO_STRUCT(smb_fname);<br>+ smb_fname.base_name = talloc_asprintf(talloc_tos(),<br>+ "%s",<br>+ path);<br>+ if (smb_fname.base_name == NULL) {<br>+ return false;<br>+ }<br>+<br>+ ret = SMB_VFS_NEXT_STAT(handle, &smb_fname);<br>+ if (ret != 0 || !S_ISDIR(smb_fname.st.st_ex_mode)) {<br>+ TALLOC_FREE(smb_fname.base_name);<br>+ return false;<br>+ }<br>+<br>+ status = smbd_check_access_rights(handle->conn,<br>+ &smb_fname,<br>+ false,<br>+ SEC_DIR_LIST);<br>+ if (!NT_STATUS_IS_OK(status)) {<br>+ <span style="background-color:#FFFF00;" > </span><strong><span style="background-color:#FFFF00;" > DEBUG(0,("user does not have list permission "</span><br><span style="background-color:#FFFF00;" >+ "on snapdir %s\n",</span><br><span style="background-color:#FFFF00;" >+ smb_fname.base_name));</span></strong><br>+ TALLOC_FREE(smb_fname.base_name);<br>+ return false;<br>+ }<br>+ TALLOC_FREE(smb_fname.base_name);<br>+ return true;<br>+}<br>+</span></span></div>
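Review bot: in check_access_snapdir(), the branch taken when smbd_check_access_rights() fails logs through DEBUG(0, ...), and level 0 is written regardless of the configured log level, so every request against a snapdir the connected user cannot list adds a record to the log. This is an expected, client-triggerable denial, so a higher debug level would suit it better. The message could also carry nt_errstr(status) so the log shows why the SEC_DIR_LIST check failed, and the talloc_asprintf(talloc_tos(), "%s", path) copy reads more simply as talloc_strdup(talloc_tos(), path).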
<div dir="ltr" > </div>
<div dir="ltr" ><div class="socmaildefaultfont" dir="ltr" style="font-family:Arial;font-size:10.5pt" ><div class="socmaildefaultfont" dir="ltr" style="font-family: Arial; font-size: 10.5pt;" ><div class="socmaildefaultfont" dir="ltr" style="font-family: Arial; font-size: 10.5pt;" ><div class="socmaildefaultfont" dir="ltr" style="font-family: Arial; font-size: 10.5pt;" ><div class="socmaildefaultfont" dir="ltr" style="font-family: Arial; font-size: 10.5pt;" ><div class="socmaildefaultfont" dir="ltr" style="font-family: Arial; font-size: 10.5pt;" ><div class="socmaildefaultfont" dir="ltr" style="font-family: Arial; font-size: 10.5pt;" ><div dir="ltr" style="margin-top: 20px;" ><div style="font-family: sans-serif; font-size: 8pt; margin-top: 10px;" ><div style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:normal;" ><span style="font-family:Verdana, Geneva, sans-serif" ><span style="font-size:11.5pt;" >Daniel</span></span></div>
<div style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:normal;" ><strong>Dr Daniel Kidger</strong><br>IBM Technical Sales Specialist<br>Software Defined Solution Sales<br>+44-07818 522 266<br>daniel.kidger@uk.ibm.com</div>
<div> </div>
<div><br><font size="2" face="Default Sans Serif,Verdana,Arial,Helvetica,sans-serif" > </font></div></div></div></div></div></div></div></div></div></div></div>
<div dir="ltr" > </div>
<div dir="ltr" > </div>
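<div dir="ltr" >The level-0 records that check_access_snapdir() writes, as in the smbd log quoted further down this thread, can be tallied per snapshot directory to see which folders need their ACLs checked. The following is an added example, not code from Samba or from anyone in this thread; the function names and the last two sample records (marked in the code) are constructed for illustration, and the header pattern assumes the "[timestamp, level] file:line(function)" layout shown in that log.</div>

```python
import re
from collections import Counter

# Record header as it appears in the quoted smbd log:
#   [2016/07/06 10:07:35.613374,  0] ../source3/.../file.c:1211(function)
# Extra comma-separated header fields after the level are tolerated (assumption).
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+),\s*(?P<level>\d+)"
    r"(?:,[^\]]*)?\]\s+(?P<src>\S+):(?P<line>\d+)\((?P<func>\w+)\)\s*$"
)
# Message emitted by the DEBUG(0, ...) call in the patch.
DENIED = re.compile(r"user does not have list permission on snapdir (?P<path>.+)$")
# Message emitted when the previous-versions FSCTL fails for a share.
FSCTL = re.compile(
    r"FSCTL_GET_SHADOW_COPY_DATA: connectpath (?P<share>.+?), "
    r"failed - (?P<status>NT_STATUS_\w+)"
)

# First four records are taken from the log quoted in this thread;
# the last two are constructed so the tally has more than one entry.
SAMPLE_LOG = """\
[2016/07/06 10:07:35.611881,  3] ../source3/smbd/dosmode.c:196(unix_mode)
  unix_mode(admin/ict/serviceoperations/slough_project/Slough_Layout) returning 0644
[2016/07/06 10:07:35.613374,  0] ../source3/modules/vfs_shadow_copy2.c:1211(check_access_snapdir)
  user does not have list permission on snapdir /gpfs/prd/groupspace/ic/admin/ict/.snapshots
[2016/07/06 10:07:35.613416,  0] ../source3/modules/vfs_shadow_copy2.c:1380(shadow_copy2_get_shadow_copy_data)
  access denied on listing snapdir /gpfs/prd/groupspace/ic/admin/ict/.snapshots
[2016/07/06 10:07:35.613434,  0] ../source3/modules/vfs_default.c:1145(vfswrap_fsctl)
  FSCTL_GET_SHADOW_COPY_DATA: connectpath /gpfs/prd/groupspace/ic, failed - NT_STATUS_ACCESS_DENIED.
[2016/07/06 10:09:02.100000,  0] ../source3/modules/vfs_shadow_copy2.c:1211(check_access_snapdir)
  user does not have list permission on snapdir /gpfs/prd/groupspace/ic/admin/ict/.snapshots
[2016/07/06 10:09:40.200000,  0] ../source3/modules/vfs_shadow_copy2.c:1211(check_access_snapdir)
  user does not have list permission on snapdir /gpfs/prd/groupspace/ic/constructed/example/.snapshots
"""


def parse_records(text):
    """Yield one dict per debug record, joining its continuation lines."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            if current is not None:
                yield current
            current = {"ts": m["ts"], "level": int(m["level"]),
                       "func": m["func"], "msg": ""}
        elif current is not None and line:
            current["msg"] = (current["msg"] + " " + line).strip()
    if current is not None:
        yield current


def snapdir_denials(text):
    """Return (denied, failed_fsctl).

    denied maps each snapdir path to its denial count and the first and
    last timestamps seen; failed_fsctl counts ACCESS_DENIED results of
    FSCTL_GET_SHADOW_COPY_DATA per share connect path.
    """
    denied = {}
    failed_fsctl = Counter()
    for rec in parse_records(text):
        if rec["func"] == "check_access_snapdir":
            m = DENIED.search(rec["msg"])
            if m:
                entry = denied.setdefault(
                    m["path"], {"count": 0, "first": rec["ts"], "last": rec["ts"]})
                entry["count"] += 1
                entry["last"] = rec["ts"]
        elif rec["func"] == "vfswrap_fsctl":
            m = FSCTL.search(rec["msg"])
            if m and m["status"] == "NT_STATUS_ACCESS_DENIED":
                failed_fsctl[m["share"]] += 1
    return denied, failed_fsctl


if __name__ == "__main__":
    denied, failed_fsctl = snapdir_denials(SAMPLE_LOG)
    for path, info in sorted(denied.items(), key=lambda kv: -kv[1]["count"]):
        print(f'{info["count"]:4d}  {path}  ({info["first"]} .. {info["last"]})')
    for share, count in failed_fsctl.items():
        print(f"{count:4d}  previous-versions FSCTL denied on share path {share}")
```
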
<blockquote data-history-content-modified="1" dir="ltr" style="border-left:solid #aaaaaa 2px; margin-left:5px; padding-left:5px; direction:ltr; margin-right:0px" >----- Original message -----<br>From: "Sobey, Richard A" <r.sobey@imperial.ac.uk><br>Sent by: gpfsug-discuss-bounces@spectrumscale.org<br>To: gpfsug main discussion list <gpfsug-discuss@spectrumscale.org><br>Cc:<br>Subject: Re: [gpfsug-discuss] Snapshots / Windows previous versions<br>Date: Wed, Jul 6, 2016 10:55 AM<br> <br>
<div><p>Sure. It might be easier if I just post the entire smb.conf:</p>
<pre>[global]
    netbios name = store
    workgroup = IC
    security = ads
    realm = IC.AC.UK
    kerberos method = secrets and keytab

    vfs objects = shadow_copy2 syncops gpfs fileid
    ea support = yes
    store dos attributes = yes
    map readonly = no
    map archive = no
    map system = no
    map hidden = no
    unix extensions = no
    allocation roundup size = 1048576

    disable netbios = yes
    smb ports = 445
# server signing = mandatory

    template shell = /bin/bash
    interfaces = bond2 lo bond0
    allow trusted domains = no

    printing = bsd
    printcap name = /dev/null
    load printers = no
    disable spoolss = yes

    idmap config IC : default = yes
    idmap config IC : cache time = 180
    idmap config IC : backend = ad
    idmap config IC : schema_mode = rfc2307
    idmap config IC : range = 500 - 2000000
    idmap config * : range = 3000000 - 3500000
    idmap config * : backend = tdb2
    winbind refresh tickets = yes
    winbind nss info = rfc2307
    winbind use default domain = true
    winbind offline logon = true
    winbind separator = /
    winbind enum users = true
    winbind enum groups = true
    winbind nested groups = yes
    winbind expand groups = 2

    winbind max clients = 10000

    clustering = yes
    ctdbd socket = /tmp/ctdb.socket
    gpfs:sharemodes = yes
    gpfs:winattr = yes
    gpfs:leases = yes
    gpfs:dfreequota = yes
# nfs4:mode = special
# nfs4:chown = no
    nfs4:chown = yes
    nfs4:mode = simple

    nfs4:acedup = merge
    fileid:algorithm = fsname
    force unknown acl user = yes

    shadow:snapdir = .snapshots
    shadow:fixinodes = yes
    shadow:snapdirseverywhere = yes
    shadow:sort = desc

    syncops:onclose = no
    syncops:onmeta = no
    kernel oplocks = yes
    level2 oplocks = yes
    oplocks = yes
    notify:inotify = no
    wide links = no
    async smb echo handler = yes
    smbd:backgroundqueue = False
    use sendfile = no
    dmapi support = yes

    aio write size = 1
    aio read size = 1

    enable core files = no

#debug logging
    log level = 2
    log file = /var/log/samba.%m
    max log size = 1024
    debug timestamp = yes

[IC]
    comment = Unified Group Space Area
    path = /gpfs/prd/groupspace/ic
    public = no
    read only = no
    valid users = "@domain users"
</pre>
<div><div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm" ><p><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext" lang="EN-US" >From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext" lang="EN-US" > gpfsug-discuss-bounces@spectrumscale.org [mailto:gpfsug-discuss-bounces@spectrumscale.org] <b>On Behalf Of </b>Barry Evans<br><b>Sent:</b> 06 July 2016 10:47<br><b>To:</b> gpfsug-discuss@spectrumscale.org<br><b>Subject:</b> Re: [gpfsug-discuss] Snapshots / Windows previous versions<o:p></o:p></span></p></div></div>
<p><o:p> </o:p></p>
<p>Can you cut/paste your full VFS options for gpfs and shadow copy from smb.conf?<span style="font-size:12.0pt" ><o:p></o:p></span></p>
<p><o:p> </o:p></p>
<div><p>On 06/07/2016 10:37, Sobey, Richard A wrote:<o:p></o:p></p></div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt" ><p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US" >Quick followup on this. Doing some more samba debugging (i.e. increasing log levels!) and come up with the following:</span><o:p></o:p></p>
<p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US" > </span><o:p></o:p></p>
<pre>[2016/07/06 10:07:35.602080, 3] ../source3/smbd/vfs.c:1322(check_reduced_name)
  check_reduced_name: admin/ict/serviceoperations/slough_project/Slough_Layout reduced to /gpfs/prd/groupspace/ic/admin/ict/serviceoperations/slough_project/Slough_Layout
[2016/07/06 10:07:35.611881, 3] ../source3/smbd/dosmode.c:196(unix_mode)
  unix_mode(admin/ict/serviceoperations/slough_project/Slough_Layout) returning 0644
[2016/07/06 10:07:35.613374, 0] ../source3/modules/vfs_shadow_copy2.c:1211(check_access_snapdir)
<b>  user does not have list permission on snapdir /gpfs/prd/groupspace/ic/admin/ict/.snapshots</b>
[2016/07/06 10:07:35.613416, 0] ../source3/modules/vfs_shadow_copy2.c:1380(shadow_copy2_get_shadow_copy_data)
  access denied on listing snapdir /gpfs/prd/groupspace/ic/admin/ict/.snapshots
[2016/07/06 10:07:35.613434, 0] ../source3/modules/vfs_default.c:1145(vfswrap_fsctl)
  FSCTL_GET_SHADOW_COPY_DATA: connectpath /gpfs/prd/groupspace/ic, failed - NT_STATUS_ACCESS_DENIED.
[2016/07/06 10:07:47.648557, 3] ../source3/smbd/service.c:1138(close_cnum)
  155.198.55.14 (ipv4:155.198.55.14:51298) closed connection to service IPC$
</pre>
<p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US" > </span><o:p></o:p></p>
<p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US" >Any takers? I cannot run mmgetacl on the .snapshots folder at all, as root. A snapshot I just created to make sure I had full control on the folder: (39367 is me, I didn’t run this command on a CTDB node so the UID mapping isn’t working).</span><o:p></o:p></p>
<p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US" > </span><o:p></o:p></p>
<pre>[root@icgpfs01 .snapshots]# mmgetacl -k nfs4 @GMT-2016.07.06-08.00.06
#NFSv4 ACL
#owner:root
#group:root
group:74036:r-x-:allow:FileInherit:DirInherit:Inherited
 (X)READ/LIST (-)WRITE/CREATE (-)MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (-)DELETE    (-)DELETE_CHILD (-)CHOWN (X)EXEC/SEARCH (-)WRITE_ACL (-)WRITE_ATTR (-)WRITE_NAMED

user:39367:rwxc:allow:FileInherit:DirInherit:Inherited
 (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (X)DELETE    (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED
</pre>
<p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US" > </span><o:p></o:p></p>
<div><div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm" ><p><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" lang="EN-US" >From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" lang="EN-US" > <a href="mailto:gpfsug-discuss-bounces@spectrumscale.org" target="_blank" >gpfsug-discuss-bounces@spectrumscale.org</a> [<a href="mailto:gpfsug-discuss-bounces@spectrumscale.org" target="_blank" >mailto:gpfsug-discuss-bounces@spectrumscale.org</a>] <b>On Behalf Of </b>Sobey, Richard A<br><b>Sent:</b> 20 June 2016 16:03<br><b>To:</b> gpfsug main discussion list <a href="mailto:gpfsug-discuss@spectrumscale.org" target="_blank" > <gpfsug-discuss@spectrumscale.org></a><br><b>Subject:</b> Re: [gpfsug-discuss] Snapshots / Windows previous versions</span><o:p></o:p></p></div></div>
<p> <o:p></o:p></p>
<p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US" >Thanks Kevin. We are upgrading to GPFS 4.2 and CES in a few weeks but our customers have come to like previous versions and indeed it is sort of a selling point for us.</span><o:p></o:p></p>
<p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US" > </span><o:p></o:p></p>
<p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US" >Samba is the only thing we’ve changed recently after the badlock debacle so I’m tempted to blame that, but who knows.</span><o:p></o:p></p>
<p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US" > </span><o:p></o:p></p>
<p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US" >If (when) I find out I’ll let everyone know.</span><o:p></o:p></p>
<p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US" > </span><o:p></o:p></p>
<p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US" >Richard</span><o:p></o:p></p>
<p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US" > </span><o:p></o:p></p>
<div><div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm" ><p><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" lang="EN-US" >From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" lang="EN-US" > <a href="mailto:gpfsug-discuss-bounces@spectrumscale.org" target="_blank" >gpfsug-discuss-bounces@spectrumscale.org</a> [<a href="mailto:gpfsug-discuss-bounces@spectrumscale.org" target="_blank" >mailto:gpfsug-discuss-bounces@spectrumscale.org</a>] <b>On Behalf Of </b>Buterbaugh, Kevin L<br><b>Sent:</b> 20 June 2016 15:56<br><b>To:</b> gpfsug main discussion list <a href="mailto:gpfsug-discuss@spectrumscale.org" target="_blank" > <gpfsug-discuss@spectrumscale.org></a><br><b>Subject:</b> Re: [gpfsug-discuss] Snapshots / Windows previous versions</span><o:p></o:p></p></div></div>
<p> <o:p></o:p></p>
<p>Hi Richard, <o:p></o:p></p>
<div><p> <o:p></o:p></p></div>
<div><p>I can’t answer your question but I can tell you that we have experienced either the exact same thing you are or something very similar. It occurred for us after upgrading from GPFS 3.5 to 4.1.0.8 and it persists even after upgrading to GPFS 4.2.0.3 and the very latest sernet-samba.<o:p></o:p></p></div>
<div><p> <o:p></o:p></p></div>
<div><p>And to be clear, when we upgraded from GPFS 3.5 to 4.1 we did *not* upgrade SAMBA versions at that time. Therefore, I believe that something changed in GPFS. That doesn’t mean it’s GPFS’ fault, of course. SAMBA may have been relying on a bug&lt;ctrl-h&gt;&lt;ctrl-h&gt;&lt;ctrl-h&gt;undocumented feature in GPFS that IBM fixed for all I know, and I’m obviously speculating here.<o:p></o:p></p></div>
<div><p> <o:p></o:p></p></div>
<div><p>The problem we see is that the .snapshots directory in each folder can be cd’d to but is empty. The snapshots are all there, however, if you:<o:p></o:p></p></div>
<div><p> <o:p></o:p></p></div>
<div><p> cd /<mount point of fs>/.snapshots/<date and time snapshot was taken>/rest/of/path/to/folder/in/question<o:p></o:p></p></div>
<div><p> <o:p></o:p></p></div>
<div><p>This obviously prevents users from being able to do their own recovery of files unless you do something like what you describe, which we are unwilling to do for security reasons. We have a ticket open with DDN…<o:p></o:p></p></div>
<div><p> <o:p></o:p></p></div>
<div><p>Kevin<o:p></o:p></p></div>
<div><p> <o:p></o:p></p></div>
<div><div><blockquote style="margin-top:5.0pt;margin-bottom:5.0pt" ><div><p>On Jun 20, 2016, at 8:45 AM, Sobey, Richard A <<a href="mailto:r.sobey@imperial.ac.uk" target="_blank" >r.sobey@imperial.ac.uk</a>> wrote:<o:p></o:p></p></div>
<p> <o:p></o:p></p>
<div><div><p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" >Hi all</span><o:p></o:p></p></div>
<div><p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" > </span><o:p></o:p></p></div>
<div><p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" >Can someone clarify if the ability for Windows to view snapshots as Previous Versions is exposed by SAMBA or GPFS? Basically, if suddenly my users cannot restore files from snapshots over a CIFS share, where should I be looking?</span><o:p></o:p></p></div>
<div><p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" > </span><o:p></o:p></p></div>
<div><p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" >I don’t know when this problem occurred, but within the last few weeks certainly our users with full control over their data now see no previous versions available, but if we export their fileset and set “force user = root” all the snapshots are available.</span><o:p></o:p></p></div>
<div><p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" > </span><o:p></o:p></p></div>
<div><p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" >I think the answer is SAMBA, right? We’re running GPFS 3.5 and sernet-samba 4.2.9.</span><o:p></o:p></p></div>
<div><p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" > </span><o:p></o:p></p></div>
<div><p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" >Many thanks</span><o:p></o:p></p></div>
<div><p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" > </span><o:p></o:p></p></div>
<div><p><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" >Richard</span><o:p></o:p></p></div>
<p><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif" >_______________________________________________<br>gpfsug-discuss mailing list<br>gpfsug-discuss at<span> </span></span><a href="http://spectrumscale.org/" target="_blank" ><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#954F72" >spectrumscale.org</span></a><br><a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss" target="_blank" ><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:#954F72" >http://gpfsug.org/mailman/listinfo/gpfsug-discuss</span></a><o:p></o:p></p></div></blockquote></div>
<p> <o:p></o:p></p>
<div><div><p>—<o:p></o:p></p></div>
<div><p>Kevin Buterbaugh - Senior System Administrator<o:p></o:p></p></div>
<div><p>Vanderbilt University - Advanced Computing Center for Research and Education<o:p></o:p></p></div>
<div><p><a href="mailto:Kevin.Buterbaugh@vanderbilt.edu" target="_blank" >Kevin.Buterbaugh@vanderbilt.edu</a> - (615)875-9633<o:p></o:p></p></div>
<div><p> <o:p></o:p></p></div>
<p> <o:p></o:p></p></div>
<p> <o:p></o:p></p></div>
<p><br><br><br><o:p></o:p></p>
</blockquote>
<p><o:p> </o:p></p>
<div><p>--<br><br><o:p></o:p></p>
<p>Barry Evans<br>Technical Director & Co-Founder<br><span style="color:red" >Pixit Media</span><br>Mobile: +44 (0)7950 666 248<br><a href="http://www.pixitmedia.com" target="_blank" >http://www.pixitmedia.com</a><o:p></o:p></p></div>
<p><span style="color:windowtext" ><o:p> </o:p></span></p>
</div>
</blockquote>
<div dir="ltr" > </div></div>
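<p>Richard's report that the snapshots reappear with "force user = root", and Kevin's report of an empty .snapshots directory, both suggest testing what the connecting user is permitted to do on the snapshot directory. The following Python check is an added example (not from this thread, Samba or GPFS): it walks from a share root down to a snapshot directory and reports the first directory whose POSIX mode bits deny a given uid search or list permission. It assumes plain mode bits only and ignores POSIX and NFSv4 ACLs; <code>dir_rights</code>, <code>first_block</code> and the command-line usage are hypothetical names.</p>

```python
import os
import stat

def dir_rights(path, uid, gids):
    """Return (can_search, can_list) on a directory for uid/gids.
    Assumption: POSIX mode bits only; ACLs are not consulted."""
    st = os.stat(path)
    if uid == 0:  # root bypasses mode bits (cf. "force user = root")
        return (True, True)
    # POSIX applies exactly one class: owner, else group, else other.
    if uid == st.st_uid:
        r, x = stat.S_IRUSR, stat.S_IXUSR
    elif st.st_gid in gids:
        r, x = stat.S_IRGRP, stat.S_IXGRP
    else:
        r, x = stat.S_IROTH, stat.S_IXOTH
    search = bool(st.st_mode & x)
    # Listing a directory needs read, and is only reachable with search.
    return (search, search and bool(st.st_mode & r))

def first_block(snapdir, uid, gids, top):
    """Walk top -> snapdir. Return (path, reason) for the first directory that
    stops this user, or None if the snapshot directory is reachable and listable."""
    target, top = os.path.abspath(snapdir), os.path.abspath(top)
    chain = [target]
    while chain[-1] != top:
        parent = os.path.dirname(chain[-1])
        if parent == chain[-1]:
            raise ValueError("snapdir is not below top")
        chain.append(parent)
    for comp in reversed(chain):
        if not os.path.isdir(comp):
            return (comp, "missing or not a directory")
        search, can_list = dir_rights(comp, uid, gids)
        if not search:
            return (comp, "no search (x) permission")
        if comp == target and not can_list:
            return (comp, "no list (r) permission")
    return None

if __name__ == "__main__":
    import sys
    # Hypothetical usage: check.py <share root> <snapshot dir> <uid> [gid ...]
    top, snap, uid, *gids = sys.argv[1:]
    print(first_block(snap, int(uid), [int(g) for g in gids], top) or "listable")
```

<p>Run it as a user who can stat every directory on the path, passing the uid and gids of the affected share user rather than your own.</p>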