I decided to open this thread after I discovered what I think is a bug on Samba (see my posts here).
So let's see the bug "in action"...
1) Create a folder on the QNAP (/opt/var/testdir) using IPKG and add some simple text files.
Code: Select all
[~] # mkdir /opt/var/testdir
[~] # cd /opt/var/testdir/
[/opt/var/testdir] # echo "Test file." > File1.txt
[/opt/var/testdir] # echo "Test file." > File2.txt
[/opt/var/testdir] # echo "Test file." > File3.txt
[/opt/var/testdir] # ls -l
-rw-r--r-- 1 admin administ 11 May 31 18:38 File1.txt
-rw-r--r-- 1 admin administ 11 May 31 18:39 File2.txt
-rw-r--r-- 1 admin administ 11 May 31 18:39 File3.txt
Code: Select all
[/] # mkdir /share/Public/TestShare
[/] # ls -l /share/Public/
drwxr-xr-x 2 admin administ 4096 May 31 18:42 TestShare/
Code: Select all
[/] # mount --bind /opt/var/testdir /share/Public/TestShare
[/] # mount -o remount,ro /share/Public/TestShare
[/] # mount | grep TestShare
/share/HDA_DATA/.qpkg/Optware/var/testdir on /share/HDA_DATA/Public/TestShare type none (ro,bind)
4) Now we can try to delete a file from SSH (with the admin account); it would correctly fail, as the folder is read-only.
Code: Select all
[/] # ls -l /share/Public/TestShare/
-rw-r--r-- 1 admin administ 11 May 31 18:38 File1.txt
-rw-r--r-- 1 admin administ 11 May 31 18:39 File2.txt
-rw-r--r-- 1 admin administ 11 May 31 18:39 File3.txt
[/] # id
uid=0(admin) gid=0(administrators) groups=0(administrators),100(everyone)
[/] # rm -f /share/Public/TestShare/File1.txt
rm: unable to remove `/share/Public/TestShare/File1.txt': Read-only file system
5) Now the bug. Access the Public/TestShare folder from Samba using the admin account. I've tried both from Windows (Vista 64-bit) and Linux Ubuntu 10 (in a virtual machine): you cannot add, edit or rename the files (an "access denied" message pops-up) but
you can DELETE them!
Code: Select all
[/] # ls -l /share/Public/TestShare/
This "bug" (if it is a bug, and I think it is!) prevents me from mounting the rsnapshot backups into a folder in read-only mode; the only way to work-around it is setting the whole shared folder (i.e. Public) as read-only to the admin user too, but that isn't what I want of course!
I'm on 3.4.2 build 0331T firmware, I have Enable Advanced Folder Permissions disabled and Enable Folder Aggregation enabled but with the list of folders empty. This is my smb.conf (cut down for brevity):
Code: Select all
[global]
workgroup = WORKGROUP
security = USER
server string = NAS Server
encrypt passwords = Yes
username level = 0
map to guest = Bad User
null passwords = yes
max log size = 10
socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=262144 SO_RCVBUF=131072
os level = 20
preferred master = no
dns proxy = No
config file = /etc/config/smb.conf
smb passwd file=/etc/config/smbpasswd
username map = /etc/config/smbusers
guest account = guest
directory mask = 0777
create mask = 0777
oplocks = yes
locking = yes
disable spoolss = yes
load printers = no
dos charset = UTF8
display charset = UTF8
force directory security mode = 0000
template shell = /bin/sh
veto files = /.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network Trash Folder/Temporary Items/TheVolumeSettingsFolder/.@__thumb/.@__desc/:2e*/
delete veto files = yes
map archive = no
map system = no
map hidden = no
map read only = no
deadtime = 10
use sendfile = yes
case sensitive = auto
unix extensions = no
min receivefile size = 4096
wins support = no
passdb backend = smbpasswd
store dos attributes = yes
client ntlmv2 auth = yes
dos filetime resolution = yes
domain master = auto
local master = yes
inherit acls = yes
wide links = yes
<... removed ...>
[Public]
comment = System default share
path = /share/HDA_DATA/Public
browsable = yes
oplocks = yes
ftp write only = no
public = yes
invalid users =
read list =
write list = "admin",@"everyone","guest","web"
valid users = "root","admin",@"everyone","guest","web"
inherit permissions = yes