Hi,
I'm having an issue with extended ACL permissions while upgrading from 4.6.2
to 4.10.16.
When upgraded, the file permissions will only allow a user's primary GID to
access the directory/file.
For example:
tuser is a member of secall and secoptions.
secall is tuser's primary GID.
A dir has an ACL set for secoptions:rwx
tuser is unable to access the dir from a Windows host
Adding secall:rwx to the dir allows tuser to access the dir without issue.
Trawled this document for a Boolean parameter this afternoon that would sort out
this problem but came up blank: smb.conf (samba.org)
<https://www.samba.org/~ab/output/htmldocs/manpages-3/smb.conf.5.html>
Any help to shed some light on this is greatly appreciated.
Current smb.conf file below:
<config>
[global]
realm = OPTIONS-IT.COM
workgroup = OPTIONS-IT
security = ads
kerberos method = dedicated keytab
dedicated keytab file = /etc/krb5.keytab /etc/krb5.keytab.stc.local
template homedir = /home/%U
idmap config * : backend = sss
idmap config * : range = 57000-59000
# idmap config OPTIONS-IT : backend = sss
# idmap config OPTIONS-IT : range = 57000-59000
# idmap config STC.LOCAL : backend = sss
# idmap config STC.LOCAL : range = 57000-59000
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
machine password timeout = 0
log level = 3
allow trusted domains = yes
# winbind scan trusted domains = yes
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
[log]
comment = var log test
path = /var/log
browseable = yes
writeable = yes
create mask = 7650
directory mask = 7770
guest ok = yes
posix locking = no
</config>
System info:
Red Hat Enterprise Linux Server release 7.9 (Maipo)
3.10.0-1160.88.1.el7.x86_64 #1 SMP Sat Feb 18 13:27:00 UTC 2023 x86_64 x86_64
x86_64 GNU/Linux
$ smbd -V
Version 4.10.16
All the best,
Jack
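
Added example, not part of the original message: a simplified model of the POSIX ACL group check, run over a constructed getfacl-style listing for the directory described above. It shows that the reported result is what the check produces when the session's group list holds only the primary group secall. The listing, its owner and the function names are assumptions.

```python
# Simplified POSIX.1e ACL check; the listing below is constructed sample data.
SAMPLE_ACL = """\
# file: share
# owner: root
# group: root
user::rwx
group::---
group:secoptions:rwx
mask::rwx
other::---
"""

def parse_getfacl(text):
    """Return (owner, owning_group, entries) from getfacl-style text."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            tag, qualifier, perms = line.split(":")[:3]
            entries.append((tag, qualifier, set(perms[:3]) - {"-"}))
    return owner, group, entries

def acl_allows(text, user, groups, want="rwx"):
    """Decide access for `user` holding the group names in `groups`."""
    owner, owning_group, entries = parse_getfacl(text)
    want = set(want)
    mask = next((p for t, q, p in entries if t == "mask"), set("rwx"))
    def perms(tag, qual=""):
        return [p for t, q, p in entries if t == tag and q == qual]
    if user == owner:                       # owner entry, mask not applied
        return want <= perms("user")[0]
    named = perms("user", user)             # named user entry, masked
    if named:
        return want <= (named[0] & mask)
    # Every group the session holds is tried, not only the primary one.
    matched = [p & mask for t, q, p in entries
               if t == "group" and (q or owning_group) in groups]
    if matched:
        return any(want <= p for p in matched)
    return want <= perms("other")[0]        # nothing matched: other entry

if __name__ == "__main__":
    print(acl_allows(SAMPLE_ACL, "tuser", {"secall", "secoptions"}))  # full group list
    print(acl_allows(SAMPLE_ACL, "tuser", {"secall"}))                # primary group only
```

Comparing the output of `id tuser` and `getfacl` on the server against this model shows whether the ACL or the resolved group list is the part that differs from expectation.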