Mac Users Phantom Locking & Taking Ownership of Files (PC/Mac Environment)

[beltz02]

Good morning –


I have an environment mixed with PC and Mac and they share some files back and forth. I setup a CIFS share and while my PC users haven’t said anything, the Mac side of the house is having issues I’ve outlined below:

Version: FreeNAS-9.2.1.9-RELEASE-x64 (2bbba09)

I need to find a way to stop my mac users from taking ownership and thus “locking” the file. I originally thought this was limited to just adobe files but it appears to be just about everything they edit

We don’t have AD and I am configuring permissions on the windows side.

I originally set it so “employees” had full access of the public drive, but I made an assumption that I could stop the ownership taking by the Mac users.

This turned out not to be the case
Image1

This appears to be what is happening from the file side:

We will use Adobe Illustrator as an example. The user can open the file but when they do a save it will tell them that the file is locked.

In my scenario I then copied the file down from FreeNas to the desktop to see what the permissions would be:

Notice that they have no access so the user can’t edit it. I was able to manually save as on the file and it gives this mac user full control. If the user copies the file back up to the file server (overwriting the existing file) the loop of locking appears to continue.


Any ideas from the experts?

 

[anodos]

Post your smb4.conf file (/usr/local/etc/smb4.conf)
Post getfacl output for the directory being shared, the directory where adobe files are stored, and a sample adobe file.
Post any relevant log entries from your FreeNAS. Smbd logs are stored under /var/log/samba4/log.smbd
I seem to recall that adobe products on Macs do a bit of file-tomfoolery during save operations. I'm a bit too lazy right now to do proper google-fu.

 

[beltz02]

Hi anodos -
Thanks for the response. Log didn't seem to have anything too odd from what I can tell. Also I was in Putty trying to do a getfacl for that directory but I can't even go deep enough as i'm getting "Too many Arguments". I can't remember bash to save my life.

Here is the example of the path where the files would be located
/mnt/tank/DataSet_Windows/MJC_Public/MJC_DESIGN_DRIVE/FALL 2015/DESIGN/WOMENS/WOMEN'S SKETCHES

Code:

[global]
    server max protocol = SMB2
    encrypt passwords = yes
    dns proxy = no
    strict locking = no
    oplocks = yes
    deadtime = 15
    max log size = 51200
    max open files = 11070
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes
    getwd cache = yes
    guest account = nobody
    map to guest = Bad User
    obey pam restrictions = Yes
    directory name cache size = 0
    kernel change notify = no
    panic action = /usr/local/libexec/samba/samba-backtrace
    server string = FreeNAS Server
    ea support = yes
    store dos attributes = yes
    hostname lookups = yes
    time server = yes
    acl allow execute always = true
    acl check permissions = true
    dos filemode = yes
    local master = yes
    idmap config *:backend = tdb
    idmap config *:range = 90000000-100000000
    server role = standalone
    netbios name = FILESERVER
    workgroup = WORKGROUP
    security = user
    pid directory = /var/run/samba
    smb passwd file = /var/etc/private/smbpasswd
    private dir = /var/etc/private
    create mask = 0666
    directory mask = 0777
    client ntlmv2 auth = yes
    dos charset = CP437
    unix charset = UTF-8
    log level = 1
   

[homes]
    comment = Home Directories
    valid users = %U
    writable = yes
    browseable = no
    path = /mnt/tank/DataSet_HomeDirectory/%U
   

[MJC File Shares]
    path = /mnt/tank/DataSet_Windows
    printable = no
    veto files = /.snap/.windows/.zfs/
    writeable = yes
    browseable = yes
    recycle:repository = .recycle/%U
    recycle:keeptree = yes
    recycle:versions = yes
    recycle:touch = yes
    recycle:directory_mode = 0777
    recycle:subdir_mode = 0700
    shadow:snapdir = .zfs/snapshot
    shadow:sort = desc
    shadow:localtime = yes
    shadow:format = auto-%Y%m%d.%H%M-1w
    vfs objects = shadow_copy2 zfsacl streams_xattr aio_pthread
    hide dot files = yes
    guest ok = no
    nfs4:mode = special
    nfs4:acedup = merge
    nfs4:chown = yes
    zfsacl:acesort = dontcare

Log

 

[anodos]

Okay. Let's first try to clear up that log file a bit.

The entries "../source3/modules/vfs_posixacl.c:171(smb_ace_to_internal)
unknown tag type 64" are probably because you need to add some auxiliary parameters to your [homes] share to properly configure windows permissions.

Code:

vfs objects = zfsacl streams_xattr
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes
zfsacl:acesort = dontcare

The entries " host name/name mismatch" are because you haven't properly set up DNS for your LAN. You should disable hostname lookups in your CIFS config to stop it from spamming the log.

Fix those two issues, restart samba, and get a fresh log with behavior when samba / photoshop are misbehaving.

Getfacl syntax is simple

Code:

getfacl /mnt/tank/DataSet_Windows/MJC_Public/MJC_DESIGN_DRIVE/FALL 2015/DESIGN/WOMENS

Have you disabled permissions inheritance within some subdirectories within your share? This can cause erratic behavior within the subdirectory with permissions inheritance disabled.