Open stefangweichinger opened 1 week ago
I'll leave the Snapper log for somebody more knowledgeable to look at.
to me it seems that no ACLs are applied: ...
drwxr-x---+ 1 root root 4 Jun 19 14:14 .
The +
here indicates that an ACL is present. getfactl
should tell you whether the .snapshots
directory carries ALLOW_GROUPS
entries.
In windows there are no "previous versions" shown
One thing to keep in mind is that Windows Explorer will only show Previous Versions for file snapshots with unique modification-time values. If all snapshots of a file have the same mtime as the file in the base share then no snapshots will be shown in the Previous Versions list.
# /mnt/pool1/samba/daten# getfacl .snapshots/
# file: .snapshots/
# owner: root
# group: root
user::rwx
group::r-x
mask::r-x
other::---
Doesn't look as intended ;-)
# /mnt/pool1/samba/daten# getfacl .snapshots/ # file: .snapshots/ # owner: root # group: root user::rwx group::r-x mask::r-x other::---
Doesn't look as intended ;-)
Indeed, assuming your Samba users are mapped to domain admins
or domain users
(without a domain prefix: is winbind use default domain
configured?) this will block access. I'm don't know why snapper isn't correctly processing ALLOW_GROUPS
here.
Is snapper compiled with xattrs support? Please check with using snapper debug
.
Yes:
# snapper debug
server:
pid:260597
clients:
name:':1.53754', uid:0, myself
backgrounds:
meta-snappers:
name:'samba_daten'
compile options:
version 0.10.4
flags btrfs,lvm,no-ext4,xattrs,rollback,btrfs-quota,no-selinux
Ad other q:
winbind use default domain = Yes
Maybe I miss some library or package or so.
Although I see the domain users and groups when I use "ls" for example: the files in the shared directory belong to AD users/groups.
The snapper log entries look strange to me but I don't see what to change.
2024-06-20 07:00:00 MIL libsnapper(260269) Snapper.cc(Snapper):96 - libsnapper version 0.10.4
2024-06-20 07:00:00 MIL libsnapper(260269) Snapper.cc(Snapper):97 - config_name:samba_daten disable_filters:false
2024-06-20 07:00:00 MIL libsnapper(260269) AsciiFile.cc(reload):922 - loading file /etc/snapper/configs/samba_daten
2024-06-20 07:00:00 MIL libsnapper(260269) AsciiFile.cc(get_value):1078 - key:SUBVOLUME value:/mnt/pool1/samba/daten
2024-06-20 07:00:00 MIL libsnapper(260269) AsciiFile.cc(get_value):1078 - key:FSTYPE value:btrfs
2024-06-20 07:00:00 MIL libsnapper(260269) AsciiFile.cc(get_value):1078 - key:QGROUP value:
2024-06-20 07:00:00 MIL libsnapper(260269) AsciiFile.cc(get_value):1078 - key:SYNC_ACL value:yes
2024-06-20 07:00:00 MIL libsnapper(260269) Snapper.cc(Snapper):130 - subvolume:/mnt/pool1/samba/daten filesystem:btrfs
2024-06-20 07:00:00 MIL libsnapper(260269) Snapper.cc(loadIgnorePatterns):204 - number of ignore patterns:8
2024-06-20 07:00:00 MIL libsnapper(260269) Snapshot.cc(read):288 - found 19 snapshots
2024-06-20 07:00:00 WAR libsnapper(260269) FileUtils.cc(SDir):91 - THROW: open failed path:/mnt/pool1/samba/daten/.snapshots/19 errno:2 (No such file or directory)
2024-06-20 07:00:00 WAR libsnapper(260269) Btrfs.cc(checkSnapshot):482 - CAUGHT: open failed path:/mnt/pool1/samba/daten/.snapshots/19 errno:2 (No such file or directory)
2024-06-20 07:00:00 WAR libsnapper(260269) FileUtils.cc(SDir):66 - THROW: open failed path:/usr/lib/snapper/plugins errno:2 (No such file or directory)
2024-06-20 07:00:00 WAR libsnapper(260269) Hooks.cc(run_scripts):64 - CAUGHT: open failed path:/usr/lib/snapper/plugins errno:2 (No such file or directory)
2024-06-20 07:00:30 MIL libsnapper(260269) Snapper.cc(~Snapper):142 - Snapper destructor
2024-06-20 07:01:00 MIL libsnapper(260269) snapperd.cc(main):315 - Exiting
2024-06-20 07:52:00 MIL libsnapper(260597) snapperd.cc(main):283 - Requesting DBus name
2024-06-20 07:52:00 MIL libsnapper(260597) snapperd.cc(main):298 - Loading snapper configs
2024-06-20 07:52:00 MIL libsnapper(260597) Snapper.cc(getConfigs):299 - Snapper get-configs
2024-06-20 07:52:00 MIL libsnapper(260597) Snapper.cc(getConfigs):300 - libsnapper version 0.10.4
2024-06-20 07:52:00 MIL libsnapper(260597) AsciiFile.cc(reload):922 - loading file /etc/default/snapper
2024-06-20 07:52:00 MIL libsnapper(260597) AsciiFile.cc(get_value):1078 - key:SNAPPER_CONFIGS value:samba_daten
2024-06-20 07:52:00 MIL libsnapper(260597) AsciiFile.cc(reload):922 - loading file /etc/snapper/configs/samba_daten
2024-06-20 07:52:00 MIL libsnapper(260597) AsciiFile.cc(get_value):1078 - key:SUBVOLUME value:/mnt/pool1/samba/daten
2024-06-20 07:52:00 MIL libsnapper(260597) snapperd.cc(main):311 - Listening for method calls and signals
2024-06-20 07:53:00 MIL libsnapper(260597) snapperd.cc(main):315 - Exiting
And as long as the snapshots aren't created correctly, vfs_snapper
can't display them correctly, I assume.
Place the values for ALLOW_* in quotes and check with '''snapper get-config'''.
Did so.
The config is "samba_daten".
Getting:
# grep ALLO samba_daten
ALLOW_USERS="sgw"
ALLOW_GROUPS="domain\ admins domain\ users"
# snapper get-config samba_daten
The config 'root' does not exist. Likely snapper is not configured.
See 'man snapper' for further instructions.
What do I miss? Another config called root
? thanks!
If the config is not root you have to provide the name like snapper -c samba_daten get-config
.
Ah, sorry, my mistake.
OK, looks like this:
# snapper -c samba_daten get-config
Key | Value
-----------------------+-----------------------------
ALLOW_GROUPS | domain\ admins domain\ users
ALLOW_USERS | sgw
BACKGROUND_COMPARISON | yes
EMPTY_PRE_POST_CLEANUP | yes
EMPTY_PRE_POST_MIN_AGE | 1800
FREE_LIMIT | 1.2
FSTYPE | btrfs
NUMBER_CLEANUP | yes
NUMBER_LIMIT | 50
NUMBER_LIMIT_IMPORTANT | 10
NUMBER_MIN_AGE | 1800
QGROUP |
SPACE_LIMIT | 1.5
SUBVOLUME | /mnt/pool1/samba/daten
SYNC_ACL | yes
TIMELINE_CLEANUP | yes
TIMELINE_CREATE | yes
TIMELINE_LIMIT_DAILY | 10
TIMELINE_LIMIT_HOURLY | 10
TIMELINE_LIMIT_MONTHLY | 10
TIMELINE_LIMIT_WEEKLY | 0
TIMELINE_LIMIT_YEARLY | 10
TIMELINE_MIN_AGE | 1800
new snapshots still belong to "root:root", no ACLs:
# getfacl /mnt/pool1/samba/daten/.snapshots/24
getfacl: Removing leading '/' from absolute path names
# file: mnt/pool1/samba/daten/.snapshots/24
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
Try snapper -c samba_daten ls
. The ACLs are only synced during some commands.
@aschnell thanks, tried. Takes quite a while, I see no difference. Is it correct to look at this path:
# getfacl /mnt/pool1/samba/daten/.snapshots/26
getfacl: Removing leading '/' from absolute path names
# file: mnt/pool1/samba/daten/.snapshots/26
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
?
AFIAR you should look at /mnt/pool1/samba/daten/.snapshots
.
Looks promising:
# getfacl /mnt/pool1/samba/daten/.snapshots
getfacl: Removing leading '/' from absolute path names
# file: mnt/pool1/samba/daten/.snapshots
# owner: root
# group: root
user::rwx
user:sgw:r-x
group::r-x
group:domain\040admins:r-x
group:domain\040users:r-x
mask::r-x
other::---
I mailed their admin to look into "previous versions" now (I don't have a domain member PC at hand right now).
Side question: do I have to exclude ".snapshots" from snapper somehow? just wondering if it would snapshot the snapshots (I assume it does NOT as it is a separate subvolume etc). Thanks!
Side question: do I have to exclude ".snapshots" from snapper somehow? just wondering if it would snapshot the snapshots (I assume it does NOT as it is a separate subvolume etc). Thanks!
There's no need - Btrfs snapshots aren't recursive, so the nested .snapshots
directory can be ignored.
The windows system sees snapshots, but without content. The underlying linux-fs (btrfs) shows snapshots with content.
I assume the actual snapshot might also need the ACLs applied?
# getfacl /mnt/pool1/samba/daten/.snapshots/30
getfacl: Removing leading '/' from absolute path names
# file: mnt/pool1/samba/daten/.snapshots/30
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
The snapshot should carry the same permissions as the base share, i.e. if the Samba users have access to the base share for I/O then they should also (with an appropriate .snapshots
ACL) have permission to view previous versions. Did you confirm differing modification-times between base and snapshots, as discussed earlier?
Feel free to raise a bugzilla.samba.org ticket if you think the issue is now samba/vfs_snapper related.
Look at this. Sounds familiar.
I try to set up snapper for providing snapshots to be used with the samba vfs_snapper module ( https://www.samba.org/samba/docs/current/man-html/vfs_snapper.8.html )
The server is a debian-12.5 box, using snapper-0.10.4
I have these btrfs-subvolumes related to the samba-share:
The snapper-config contains:
snapper creates snapshots but:
why does it warn?
In windows there are no "previous versions" shown. I assume this is related to the ACLs/permissions ... so I would like to know why snapper doesn't apply them or what I can do to allow this.
I know this crosses multiple layers, I already asked on the samba-ML as well. Thanks for any help ... thanks for your work.