On a Samba file server (openSUSE Leap 15), I have a directory with subdirectories, some of which should no longer have an owner. User name resolution is done by winbind. I want to delete every directory with no owner.

The problem is that `ls -la` shows me that some subdirectories still have a user as owner that doesn't exist anymore in the AD. `wbinfo -u` doesn't show me the deleted user, and on the AD the user definitely doesn't exist anymore either. Also, `getent passwd` doesn't show the users which `ls -la` shows as owner.

Things I have done already:

  • Reboot
  • net cache flush
  • manually delete winbindd_cache.tdb and winbindd_idmap.tdb

Very strange. Is there another cache that would not be cleared by net cache flush?

PS: the nscd daemon is running too on the Samba File Server

Here is the smb.conf for the winbind config:

```
[global]
    workgroup = domain
    realm = domain.DOMAIN
    netbios name = name
    security = ADS
    interfaces = 1.2.3.4 127.0.0.1/8
    bind interfaces only = yes

    log level = 1

    template shell = /bin/false

    vfs objects = acl_xattr
    map acl inherit = yes
    store dos attributes = yes

    registry shares = yes

    hide unreadable = yes
    #hide dot files = yes
    hide files = /$*/desktop.ini/RECYCLER/Thumbs.db/

    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes

    winbind enum users = yes
    winbind enum groups = yes
    winbind expand groups = 4
    username map = /etc/samba/samba_usermapping

    idmap config * : range = 2000 - 999999

    idmap config domain:backend = rid
    idmap config domain:range = 1000000 - 1999999
```

MHABK

1 Answer

File ownership is stored in the file-system. Simply removing a user from /etc/passwd or another remote user management does not remove the ownership in the file system. You just can't see the name for the UID and GID anymore.

If the user or group name still shows up with getent and you're running nscd caching passwd and group maps (check /etc/nscd.conf) then you should flush its caches for these maps:

```
nscd --invalidate=passwd
nscd --invalidate=group
```

A word of caution:

I'd recommend not to remove files found with find -nouser or find -nogroup automatically if there's even just a small chance that your remote user management might be unreachable.
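
A report-only sketch of the caution above, added here and not part of the original answer: it prints each subdirectory's numeric UID beside what NSS returns for that UID, and refuses to list orphan candidates unless a known-good account resolves. The function names, the `RESOLVER` variable and the canary account are assumptions made for this example.

```sh
#!/bin/sh
# Added example: report-only audit of directory owners; nothing is deleted.
# RESOLVER, the canary account and the function names are assumptions.

# Lookup command, overridable for testing. A numeric key makes getent
# do a lookup by UID, the same kind of lookup ls -l performs.
: "${RESOLVER:=getent passwd}"

# Succeeds only if a known-good directory account resolves, i.e. the
# NSS/winbind chain is actually answering.
nss_healthy() {
    $RESOLVER "$1" >/dev/null 2>&1
}

# Print "<uid> <name|UNRESOLVED> <path>" for each direct subdirectory of $1.
# Paths containing newlines are not supported.
audit_owners() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -exec stat -c '%u %n' {} + |
    while read -r uid path; do
        if entry=$($RESOLVER "$uid" 2>/dev/null) && [ -n "$entry" ]; then
            name=${entry%%:*}
        else
            name=UNRESOLVED
        fi
        printf '%s %s %s\n' "$uid" "$name" "$path"
    done
}

# Refuse to report orphans while the canary account does not resolve.
orphan_candidates() {
    canary=$1 dir=$2
    if ! nss_healthy "$canary"; then
        echo "canary '$canary' does not resolve; not trusting NSS" >&2
        return 2
    fi
    audit_owners "$dir" | awk '$2 == "UNRESOLVED"'
}
```

Call it as `orphan_candidates <known-good-account> /path/to/share` and review the output by hand; `audit_owners` alone shows which name, if any, NSS still returns for each numeric UID.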

  • Yes, that's exactly what it should be. I want the ownership to be empty, so that I can list all orphan dirs with "find -nouser" and delete them. – MHABK Jul 19 '18 at 10:56
  • Sorry, misunderstood your question before. I've edited my answer accordingly. – Michael Ströder Jul 19 '18 at 11:11
  • Thanks for your tip, but unfortunately no change after this – MHABK Jul 19 '18 at 12:07
  • I have added the smb.conf in the Question. Maybe this helps debug – MHABK Jul 19 '18 at 12:19
  • You've tried exactly what? `nscd --invalidate=`? `getent passwd foo` still shows a passwd entry for removed user? What's in your nscd.conf? Samba is just a wrapper on top of your POSIX user management and filesystem. So your smb.conf does not show the relevant stuff. It's at Linux level. – Michael Ströder Jul 19 '18 at 12:42
  • I have tried `nscd --invalidate=passwd` and `nscd --invalidate=group`. `getent passwd` does NOT show the deleted user. Only `ls` shows them. – MHABK Jul 23 '18 at 08:22
  • If the user is not shown in _passwd_ map anymore _ls_ normally just shows the numeric UID. In your case _ls_ really still shows the **names**? Or just the numeric UID? – Michael Ströder Jul 23 '18 at 08:54
  • It really shows the name like this `domain\max.muste` – MHABK Jul 23 '18 at 09:00