SMB does not present permissions on looped up raw disk image / backup of a Windows NTFS volume – A server stack is the collection of software that forms the operational infrastructure on a given machine. In a computing context, a stack is an ordered pile. A server stack is one type of solution stack — an ordered selection of software that makes it possible to complete a particular task. Like in this post about SMB does not present permissions on looped up raw disk image / backup of a Windows NTFS volume was one problem in server stack that need for a solution. Below are some tips in manage your linux server when you find problem about linux, windows, permissions, samba, .
I have a raw copy of a Windows NTFS volume on my Linux machine. When I loop it and share it out on a domain-joined Linux machine via Samba as-follows —
[global] workgroup = <my-domain> realm = <my-domain.com> server string = %h (backups) security = ADS map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Entersnews*spassword:* %nn *Retypesnews*spassword:* %nn *passwordsupdatedssuccessfully* . unix password sync = Yes restrict anonymous = 1 syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No usershare allow guests = Yes allow insecure wide links = Yes panic action = /usr/share/samba/panic-action %d idmap uid = 10000 - 20000 idmap gid = 10000 - 20000 winbind enum users = Yes winbind enum groups = Yes idmap config * : range = 10000 - 20000 idmap config * : backend = tdb map acl inherit = Yes ... [TestShare] path = /datto/mounts/TestShare valid users = nobody read only = No create mask = 0755 force create mode = 0755 force directory mode = 0755 veto files = /lost+found/.locate.db dfree command = /datto/bin/dfree-runner
There are no longer permissions associated with the block device (left — right, original).
On the other hand, mounting an iSCSI target of that same volume shows the original permissions.
Is it possible to serve these original permissions / securities over SMB? If so, is there something I can add or modify in my configuration of this share?
I’m not exactly sure why this happens but NTFS permission do not translate to *nix very well. I’m pretty sure that the on disk permissions that NTFS (5.0) uses are MUCH more complicated than what SAMBA reads.
In my experience with connecting something like MacOS or BSD/FreeNAS to a device with NTFS on it, if you have a disk that has permissions applied that are for a non-domain joined computer and it is an OS disk, it will generally appear to work relatively normally (you can’t get into C:Users%username% until you reset, but a folder on the C: root will have the permissions as ‘Everyone’.)
If you have a computer that is domain joined, things get quite harry. The extra SIDs that are domainusername likely require you to connect that *nix box to the LDAP service of the domain at a minimum. Even then, I have had trouble getting them to work smoothly.
I’m guessing from your screenshots that you don’t have a domain there (computernameusername) so your issue is likely pseudo related to a need for an LDAP connection (SID syncing).
You could probably resolve this issue by either validating the permissions that are applied to the NTFS with a user that is synced to LDAP on your *nix box or standing up a Windows Server and connecting to that with LDAP or something like that. That is at least the path you want to drive down. =P