SMB/CIFS/Windows share: permissions and timestamps

Status
Not open for further replies.

mortar

Dabbler
Joined
Oct 5, 2015
Messages
25
Hi,

After spending a day, in vain, on this, I'll just post results of my testing below. In short, using a CIFS share from Linux or Mac is wildly inconsistent regarding unix permissions and more importantly file and directory timestamps.

I tested file and directory copying with different client OSes (debian, ubuntu, mac 10.5/6), file utilities (cp, mv, ditto, tar, desktop gui). A rather simple expectation from a file server would that it can preserve the timestamps of the copied files - even a FAT formatted USB stick can do this. Samba is also supposed to be able to interoperate with unix systems enough to preserve file (rwx) permissions in some cases.

As the lengthy testing "log" below shows, the handling of timestamps and permissions varies enough per situation to need checking every time you copy something over. Is it really supposed to behave like this? Or maybe misconfiguration/misunderstanding on my part?

Goal is to have shares that can be used primarily from linux/mac, but sometimes also from windows, hence the choice of CIFS and desire to preserve as much of the unix attributes as possible.

Code:
CIFS shares

MYSHARE, dataset w/unix permissions
GUESTSHARE, dataset w/windows permissions

debian:
 samba 2:4.1.17+dfsg-2
 gvfs  1.22.2-1
 fuse  2.9.3-15+deb8u1
 linux 3.16.7-ckt11-1+deb8u4
mount -t cifs //MYSHARE /mnt -o username=MYUSER
single file
cp -a :
 - timestamp preserved
 - permissions not preserved
mv:
 - timestamp preserved
 - permissions preserved
Thunar (cut or copy&paste):
 - timestamp preserved
 - permissions preserved

copy a directory containing files and dirs
cp -a :
 - timestamps preserved
 - permissions not preserved
mv:
 - timestamps preserved
 - permissions preserved
tar:
 - timestamps preserved
 - permissions preserved
Thunar (cut or copy&paste):
 directories
 - timestamps not preserved
 - permissions not preserved
 files
 - timestamps preserved
 - permissions preserved

mount -t cifs //GUESTSHARE /mnt -o username=guest
single file
cp -a :
 - timestamp preserved
 - permissions not preserved
mv:
 - timestamp preserved
 - permissions not preserved
Thunar (cut or copy&paste):
 - timestamp preserved
 - permissions not preserved

copy a directory containing files and dirs
cp -a :
 - timestamps preserved
 - permissions not preserved
mv:
 - timestamps preserved
 - permissions not preserved
tar:
 - timestamps preserved
 - permissions not preserved
Thunar (cut or copy&paste):
 directories
 - timestamps not preserved
 - permissions not preserved
 files
 - timestamps preserved
 - permissions not preserved
 
GVFS mount through Thunar
smb://MYSHARE
smb://GUESTSHARE
single file
cp -a :
 - timestamp preserved
 - permissions not preserved
mv:
 - timestamp preserved
 - permissions not preserved
Thunar (cut or copy&paste):
 - timestamp preserved
 - permissions not preserved

copy a directory containing files and dirs
cp -a :
 - timestamps preserved, except for some files
 - permissions not preserved
mv:
 - timestamps preserved, except for some files
 - permissions not preserved
tar:
 - timestamps preserved, except for some files
 - permissions not preserved
Thunar (cut or copy&paste):
 directories
 - timestamps not preserved
 - permissions not preserved
 files
 - timestamps preserved
 - permissions not preserved

ubuntu 14.04:
 samba 2:4.1.6+dfsg-1ubuntu2.14.04.9
 gvfs  1.20.3-0ubuntu1.2
 fuse  2.9.2-4ubuntu4.14.04.1
 linux 3.16.0-50.67~14.04.1
mount -t cifs //MYSHARE /mnt -o username=MYUSER
single file
cp -a :
 - timestamp preserved
 - permissions not preserved
mv:
 - timestamp preserved
 - permissions preserved
nautilus (copy&paste or move):
 - timestamp preserved
 - permissions preserved

copy a directory containing files and dirs
cp -a :
 - timestamps preserved
 - permissions not preserved
mv:
 - timestamps preserved
 - permissions preserved
tar:
 - timestamps preserved
 - permissions preserved
nautilus (copy&paste):
 directories / files
 - timestamps preserved
 - permissions preserved

nautilus (move):
 directories
 - timestamps not preserved
 - permissions preserved
 files
 - timestamps preserved
 - permissions preserved
   
GVFS mount through nautilus
single file
cp -a :
 - timestamp not preserved
 - permissions not preserved
mv:
 - timestamp not preserved
 - permissions not preserved
nautilus (copy&paste or move):
 - timestamp preserved
 - permissions not preserved

copy a directory containing files and dirs
cp -a :
 directories
 - timestamps preserved
 - permissions not preserved
 files
 - timestamps not preserved
 - permissions not preserved
mv:
 directories
 - timestamps preserved
 - permissions not preserved
 files
 - timestamps not preserved
 - permissions not preserved
tar:
 directories
 - timestamps preserved
 - permissions not preserved
 files
 - timestamps not preserved
 - permissions not preserved
nautilus (copy&paste):
 directories / files
 - timestamps preserved
 - permissions not preserved
nautilus (move):
 directories / files
 - timestamps not preserved
 - permissions not preserved
 files
 - timestamps preserved
 - permissions not preserved

Mac OS X 10.5
Finder smb://MYSHARE
single file
cp -pPR:
 - timestamp not preserved
 - permissions preserved
mv:
 - timestamp not preserved
 - permissions preserved
ditto:
 - timestamp preserved
 - permissions preserved
Finder (drag/copy or finder drag/move):
 - timestamp preserved
 - permissions preserved

copy a directory containing files and dirs
cp -pPR:
 directories
 - timestamps preserved
 - permissions preserved
 files
 - timestamps not preserved
 - permissions preserved
mv:
 directories
 - timestamps preserved
 - permissions preserved
 files
 - timestamps not preserved
 - permissions preserved
ditto:
 - timestamps preserved
 - permissions preserved
tar:
 - timestamps preserved
 - permissions preserved
Finder (drag/copy):
 root of copied dir hierarchy
 - timestamps not preserved
 - permissions preserved
 files and contained directories
 - timestamps preserved
 - permissions preserved

Finder smb://GUESTSHARE
single file
cp -pPR:
 - timestamp not preserved
 - permissions not preserved
mv:
 - timestamp not preserved
 - permissions not preserved
ditto:
 - does not copy at all (permission denied)
Finder (drag/copy or finder drag/move):
 - does not copy at all (permission denied)

copy a directory containing files and dirs
cp -pPR:
 directories
 - timestamps preserved
 - permissions not preserved
 files
 - timestamps not preserved
 - permissions not preserved
mv:
 directories
 - timestamps preserved (except root dir)
 - permissions not preserved
 files
 - timestamps not preserved
 - permissions not preserved
ditto:
 - creates root directory and quits
tar:
 - timestamps preserved
 - permissions not preserved
Finder (drag/copy):
 - quits midway with permission problem



Mac OS X 10.6
Finder smb://MYSHARE
single file
cp -pPR:
 - timestamp not preserved
 - permissions preserved
mv:
 - timestamp not preserved
 - permissions preserved
ditto:
 - timestamp preserved
 - permissions preserved
Finder (drag/copy or finder drag/move):
 - timestamp preserved
 - permissions preserved

copy a directory containing files and dirs
cp -pPR:
 directories
 - timestamps preserved
 - permissions preserved
 files
 - timestamps not preserved
 - permissions preserved
mv:
 directories
 - timestamps preserved
 - permissions preserved
 files
 - timestamps not preserved
 - permissions preserved
ditto:
 - timestamps preserved
 - permissions preserved
tar (different from 10.5):
 directories
 - timestamps preserved
 - permissions preserved
 files
 - timestamps not preserved
 - permissions preserved
Finder (drag/copy): (different from 10.5)
 files and contained directories
 - timestamps preserved
 - permissions preserved

Finder smb://GUESTSHARE
single file
cp -pPR:
 - timestamp not preserved
 - permissions not preserved
mv:
 - timestamp not preserved
 - permissions not preserved
ditto:
 - does not copy at all (permission denied)
Finder (drag/copy or finder drag/move) (different from 10.5):
 - timestamp preserved
 - permissions not preserved

copy a directory containing files and dirs
cp -pPR:
 directories
 - timestamps preserved
 - permissions not preserved
 files
 - timestamps not preserved
 - permissions not preserved
mv:
 directories
 - timestamps preserved (different from 10.5)
 - permissions not preserved
 files
 - timestamps not preserved
 - permissions not preserved
ditto:
 - creates root directory and quits
tar (different from 10.5):
 directories
 - timestamps preserved
 - permissions not preserved
 files
 - timestamps not preserved
 - permissions not preserved
Finder (drag/copy or drag/move):
 - timestamps preserved
 - permissions not preserved

 

mortar

Dabbler
Joined
Oct 5, 2015
Messages
25
Post a copy of /etc/local/smb4.conf. Please note that it is recommended not to use Unix permission type with samba shares on FreeNAS.

From my other thread, home-user1 would be MYSHARE above and guesttest GUESTSHARE:

Code:
[global]
  server max protocol = SMB2
  encrypt passwords = yes
  dns proxy = no
  strict locking = no
  oplocks = yes
  deadtime = 15
  max log size = 51200
  max open files = 470315
  load printers = no
  printing = bsd
  printcap name = /dev/null
  disable spoolss = yes
  getwd cache = yes
  guest account = nobody
  map to guest = Bad User
  obey pam restrictions = yes
  directory name cache size = 0
  kernel change notify = no
  panic action = /usr/local/libexec/samba/samba-backtrace
  nsupdate command = /usr/local/bin/samba-nsupdate -g
  server string = FreeNAS Server
  ea support = yes
  store dos attributes = yes
  lm announce = yes
  time server = yes
  acl allow execute always = true
  acl check permissions = true
  dos filemode = yes
  multicast dns register = yes
  domain logons = no
  local master = yes
  idmap config *: backend = tdb
  idmap config *: range = 90000001-100000000
  server role = standalone
  netbios name = MYSERVER
  workgroup = WORKGROUP
  security = user
  pid directory = /var/run/samba
  smb passwd file = /var/etc/private/smbpasswd
  private dir = /var/etc/private
  create mask = 0666
  directory mask = 0777
  client ntlmv2 auth = yes
  dos charset = CP437
  unix charset = UTF-8
  log level = 1
 

[user2]
  path = /mnt/vol1/home-user2
  printable = no
  veto files = /.snapshot/.windows/.mac/.zfs/
  writeable = yes
  browseable = no
  vfs objects = zfs_space zfsacl aio_pthread streams_xattr
  hide dot files = yes
  guest ok = no
  nfs4:mode = special
  nfs4:acedup = merge
  nfs4:chown = true
  zfsacl:acesort = dontcare
  case sensitive = yes
 

[user1]
  path = /mnt/vol1/home-user1
  printable = no
  veto files = /.snapshot/.windows/.mac/.zfs/
  writeable = yes
  browseable = no
  vfs objects = zfs_space zfsacl aio_pthread streams_xattr
  hide dot files = yes
  guest ok = no
  nfs4:mode = special
  nfs4:acedup = merge
  nfs4:chown = true
  zfsacl:acesort = dontcare
  case sensitive = yes
 

[guesttest]
  path = /mnt/vol1/guesttest
  printable = no
  veto files = /.snapshot/.windows/.mac/.zfs/
  writeable = yes
  browseable = yes
  vfs objects = zfs_space zfsacl aio_pthread streams_xattr
  hide dot files = yes
  guest ok = yes
  nfs4:mode = special
  nfs4:acedup = merge
  nfs4:chown = true
  zfsacl:acesort = dontcare
 

mortar

Dabbler
Joined
Oct 5, 2015
Messages
25
As a point of comparison, I ran some of the same tests with Mac OS X 10.5 as the smb server instead of FreeNAS. There are less glitches with the OS X as the server. Notably, the linux gvfs client preserves timestamps better and the OS X client (unsurprisingly) works almost perfectly, except for a glitch in permissions when using Apple's own ditto tool. FWIW the samba version in OS X 10.5 is 3.0.25b-apple, probably heavily patched by Apple.

All in all, this exercise in futility probably shows that samba simply isn't very dependable as anything else than a server for windows clients (I'm supposing that must work).

Code:
MAC OS X 10.5 SHARE

debian:
 samba 2:4.1.17+dfsg-2
 gvfs  1.22.2-1
 fuse  2.9.3-15+deb8u1
 linux 3.16.7-ckt11-1+deb8u4
mount -t cifs //MACOSXSHARE /mnt -o username=USER
single file
cp -a :
 - timestamp preserved
 - permissions not preserved
mv:
 - timestamp preserved
 - permissions preserved
Thunar (cut or copy&paste):
 - timestamp preserved
 - permissions preserved

copy a directory containing files and dirs
cp -a :
 - timestamps preserved
 - permissions not preserved
mv:
 - timestamps preserved
 - permissions preserved
tar:
 - timestamps preserved
 - permissions preserved
Thunar (cut or copy&paste):
 directories
 - timestamps not preserved
 - permissions not preserved
 files
 - timestamps preserved
 - permissions preserved

GVFS mount through Thunar
smb://MACOSXSHARE
single file
cp -a :
 - timestamp preserved
 - permissions not preserved
mv:
 - timestamp preserved
 - permissions not preserved
Thunar (cut or copy&paste):
 - timestamp preserved
 - permissions not preserved

copy a directory containing files and dirs
cp -a :
 - timestamps preserved
 - permissions not preserved
mv:
 - timestamps preserved
 - permissions not preserved
tar:
 - timestamps preserved
 - permissions not preserved
Thunar (cut or copy&paste):
 directories
 - timestamps not preserved
 - permissions not preserved
 files
 - timestamps preserved
 - permissions not preserved

Mac OS X 10.5
Finder smb://MACOSXSHARE
single file
cp -pPR:
 - timestamp preserved
 - permissions preserved
mv:
 - timestamp preserved
 - permissions preserved
ditto:
 - timestamp preserved
 - permissions NOT preserved (adds +x to owner)
Finder (drag/copy or finder drag/move):
 - timestamp preserved
 - permissions preserved

copy a directory containing files and dirs
cp -pPR:
 - timestamps preserved
 - permissions preserved
mv:
 - timestamps preserved
 - permissions preserved
ditto:
 - timestamps preserved
 - permissions not preserved (files: adds +x to owner)
tar:
 - timestamps preserved
 - permissions preserved
Finder (drag/copy):
 - timestamps preserved
 - permissions preserved

 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
As a point of comparison, I ran some of the same tests with Mac OS X 10.5 as the smb server instead of FreeNAS. There are less glitches with the OS X as the server. Notably, the linux gvfs client preserves timestamps better and the OS X client (unsurprisingly) works almost perfectly, except for a glitch in permissions when using Apple's own ditto tool. FWIW the samba version in OS X 10.5 is 3.0.25b-apple, probably heavily patched by Apple.

All in all, this exercise in futility probably shows that samba simply isn't very dependable as anything else than a server for windows clients (I'm supposing that must work).

Code:
MAC OS X 10.5 SHARE

debian:
samba 2:4.1.17+dfsg-2
gvfs  1.22.2-1
fuse  2.9.3-15+deb8u1
linux 3.16.7-ckt11-1+deb8u4
mount -t cifs //MACOSXSHARE /mnt -o username=USER
single file
cp -a :
- timestamp preserved
- permissions not preserved
mv:
- timestamp preserved
- permissions preserved
Thunar (cut or copy&paste):
- timestamp preserved
- permissions preserved

copy a directory containing files and dirs
cp -a :
- timestamps preserved
- permissions not preserved
mv:
- timestamps preserved
- permissions preserved
tar:
- timestamps preserved
- permissions preserved
Thunar (cut or copy&paste):
directories
- timestamps not preserved
- permissions not preserved
files
- timestamps preserved
- permissions preserved

GVFS mount through Thunar
smb://MACOSXSHARE
single file
cp -a :
- timestamp preserved
- permissions not preserved
mv:
- timestamp preserved
- permissions not preserved
Thunar (cut or copy&paste):
- timestamp preserved
- permissions not preserved

copy a directory containing files and dirs
cp -a :
- timestamps preserved
- permissions not preserved
mv:
- timestamps preserved
- permissions not preserved
tar:
- timestamps preserved
- permissions not preserved
Thunar (cut or copy&paste):
directories
- timestamps not preserved
- permissions not preserved
files
- timestamps preserved
- permissions not preserved

Mac OS X 10.5
Finder smb://MACOSXSHARE
single file
cp -pPR:
- timestamp preserved
- permissions preserved
mv:
- timestamp preserved
- permissions preserved
ditto:
- timestamp preserved
- permissions NOT preserved (adds +x to owner)
Finder (drag/copy or finder drag/move):
- timestamp preserved
- permissions preserved

copy a directory containing files and dirs
cp -pPR:
- timestamps preserved
- permissions preserved
mv:
- timestamps preserved
- permissions preserved
ditto:
- timestamps preserved
- permissions not preserved (files: adds +x to owner)
tar:
- timestamps preserved
- permissions preserved
Finder (drag/copy):
- timestamps preserved
- permissions preserved


By default, samba in freenas stores create time as a filesystem extended attribute "user.DOSATTRIB". Some of your permissions problems are probably caused because you are using "UNIX" permissions type with a CIFS share (don't do that). As far as I know, the only difference between "windows" and "unix" permissions type is that the "windows" permission type explicitly disallows chmod operations. The reason why we do things this way is because chmod tends to break zfs acls.

A lot of development has happened in samba since it was included in OSX 10.5. OSX 10.5 was almost certainly the samba 3.x branch, pre-SMB2.

As far as gvfs stuff not working quite right, sounds normal. It is Linux after all. :D
 

mortar

Dabbler
Joined
Oct 5, 2015
Messages
25
By default, samba in freenas stores create time as a filesystem extended attribute "user.DOSATTRIB". Some of your permissions problems are probably caused because you are using "UNIX" permissions type with a CIFS share (don't do that). As far as I know, the only difference between "windows" and "unix" permissions type is that the "windows" permission type explicitly disallows chmod operations. The reason why we do things this way is because chmod tends to break zfs acls.

A lot of development has happened in samba since it was included in OSX 10.5. OSX 10.5 was almost certainly the samba 3.x branch, pre-SMB2.

As far as gvfs stuff not working quite right, sounds normal. It is Linux after all. :D

Thank you for your answers so far.

IMHO the storage backend's implementation details shouldn't cause inconsistent behaviour, and I would guess in this case that it's not really the cause.

I noted the OS X samba version in the message, and yes, it is ancient. However, it still works better in this case.

I share your notion about Linux/gvfs, but OTOH my testing shows that with another server even that can be made to work from the end user's perspective. What puzzles me is that FreeNAS is/seems to be an actual product that is also sold for money. You'd expect a storage product to go through meticulous testing, wouldn't you.

Are you a developer or otherwise project insider by any chance? I wouldn't mind hearing from the horses mouth, that (1) chmod just cannot be made to work with freenas, although samba has supported "unix extensions" for god knows how long and freenas ships them, too, and even the GUI has a tick for them, and (2) unix clients won't get proper timestamps from freenas+cifs unless the client side happens to be just right.

As a side note, the latest samba 4.3 (and 4.2) seem to have promising stuff like vfs_fruit, but nobody seems to package those versions yet.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
Thank you for your answers so far.

IMHO the storage backend's implementation details shouldn't cause inconsistent behaviour, and I would guess in this case that it's not really the cause.

I noted the OS X samba version in the message, and yes, it is ancient. However, it still works better in this case.

I share your notion about Linux/gvfs, but OTOH my testing shows that with another server even that can be made to work from the end user's perspective. What puzzles me is that FreeNAS is/seems to be an actual product that is also sold for money. You'd expect a storage product to go through meticulous testing, wouldn't you.

Are you a developer or otherwise project insider by any chance? I wouldn't mind hearing from the horses mouth, that (1) chmod just cannot be made to work with freenas, although samba has supported "unix extensions" for god knows how long and freenas ships them, too, and even the GUI has a tick for them, and (2) unix clients won't get proper timestamps from freenas+cifs unless the client side happens to be just right.

As a side note, the latest samba 4.3 (and 4.2) seem to have promising stuff like vfs_fruit, but nobody seems to package those versions yet.

Not a developer. Regarding "Unix permissions" see the discussion in this bug report - https://bugs.freenas.org/issues/11390. CIFS shares on FreeNAS use nfsv4 ACLs. The proper method of manipulating them is through getfacl and setfacl. In principle, nfsv4 ACLs make permissions on a FreeNAS server behave much more closely to what you would expect from a Windows server with the corollary that they behave less like what you wold expect from a Unix server. No one is packaging 4.2 and 4.3 yet because samba version upgrades can be rough. With new features come bugs (new and necroed). Perhaps you should file a bug report with either FreeNAS (bugs.freenas.org), samba, or both.
 

mortar

Dabbler
Joined
Oct 5, 2015
Messages
25
Not a developer. Regarding "Unix permissions" see the discussion in this bug report - https://bugs.freenas.org/issues/11390. CIFS shares on FreeNAS use nfsv4 ACLs. The proper method of manipulating them is through getfacl and setfacl. In principle, nfsv4 ACLs make permissions on a FreeNAS server behave much more closely to what you would expect from a Windows server with the corollary that they behave less like what you wold expect from a Unix server. No one is packaging 4.2 and 4.3 yet because samba version upgrades can be rough. With new features come bugs (new and necroed). Perhaps you should file a bug report with either FreeNAS (bugs.freenas.org), samba, or both.

Thanks, that bug report was revealing. I won't spend anymore time on this setup then. The timestamp issue still remains, but it seems to be a mixture of client and server brokenness. I think the bug report I linked is probably correct, yet unanswered by samba developers. Somehow hard to believe that nobody else cares about file timestamps..

Meanwhile, I thought maybe dropping hopes of windows support would help, so moved to testing AFP. Same mess. Timestamps as unpredictable and permissions also borked, though, in a different way. Native OS X served AFP works better. I wonder if in this case zfs is the root cause of this all..

Although, not zfs related, I did find reports from the Synology forum from users with similar problems who had setup samba and/or netatalk on plain ubuntu boxes and it had worked without fault, unix permissions included. Maybe I'll do that myself and gather that one more data point.
 
Status
Not open for further replies.
Top