Hello, We are running Samba 3.0.23c on Debian. Over the weekend, we updated out file server to Debian's kernel 2.6.18. We had previously never run a kernel with ACL support enabled. Since the upgrade, we are seeing very strange permission behavior. It appears to be related to POSIX ACL support in Samba. It seems that what's happening is this. We have a number of files that are user/group writable (permissions 0664). When a user that is someone other than the Unix owner of the file writes to it, the permissions switch to 0474 (-r--rwxr--) and an ACL is added with this second user getting read/write permission to it. Unfortunately, the Unix owner of the file now is locked out of writing to it. We never had any problem with permissions on these files before using the ACL-enabled kernel. Is there a way to completely disable POSIX ACL support at runtime, and have Samba just revert back to its behavior when on a filesystem that does not support POSIX ACLs? Or, better yet, is there a way to fix this behavior? Thanks, -- John
You could always edit your fstab file and mount your fs without acl support. But you can also take some time and study the ACL support in Samba. Correctly implemented its a powerful feature. Cheers, Henrik 30 okt 2006 kl. 16:51 skrev John Goerzen:> Hello, > > We are running Samba 3.0.23c on Debian. > > Over the weekend, we updated out file server to Debian's kernel > 2.6.18. We > had previously never run a kernel with ACL support enabled. Since the > upgrade, we are seeing very strange permission behavior. It > appears to be > related to POSIX ACL support in Samba. > > It seems that what's happening is this. > > We have a number of files that are user/group writable (permissions > 0664). > When a user that is someone other than the Unix owner of the file > writes to > it, the permissions switch to 0474 (-r--rwxr--) and an ACL is added > with > this second user getting read/write permission to it. > > Unfortunately, the Unix owner of the file now is locked out of > writing to > it. > > We never had any problem with permissions on these files before > using the > ACL-enabled kernel. > > Is there a way to completely disable POSIX ACL support at runtime, > and have > Samba just revert back to its behavior when on a filesystem that > does not > support POSIX ACLs? > > Or, better yet, is there a way to fix this behavior? > > Thanks, > > -- John > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba
On Mon, Oct 30, 2006 at 08:16:47PM +0100, Henrik Zagerholm wrote:> You could always edit your fstab file and mount your fs without acl > support.Unfortunately, XFS does not have such an option. I verified this with both the mount manpage and the XFS source code. According to mount(8), only ext2/3 have that option. -- John
>We have a number of files that are user/group writable (permissions 0664). >When a user that is someone other than the Unix owner of the file writes to >it, the permissions switch to 0474 (-r--rwxr--) and an ACL is added with >this second user getting read/write permission to it. > > >Here's my observations: we've upgrade from 3.0.22 to 3.0.23c on Solaris 10 and we are seeing the same problem (we did not see this behaviour with 3.0.22). Sim -- S.Barbaresi E-mail: s.barbaresi@bangor.ac.uk Adeilad Deiniol, UWB Tel: (44) (0)1248 382403 Ffordd Deiniol Mob: (44) (0)7788 977167 Bangor, Gwynedd LL57 2UX URL: www.bangor.ac.uk -- Gall y neges e-bost hon, ac unrhyw atodiadau a anfonwyd gyda hi, gynnwys deunydd cyfrinachol ac wedi eu bwriadu i'w defnyddio'n unig gan y sawl y cawsant eu cyfeirio ato (atynt). Os ydych wedi derbyn y neges e-bost hon trwy gamgymeriad, rhowch wybod i'r anfonwr ar unwaith a dil?wch y neges. Os na fwriadwyd anfon y neges atoch chi, rhaid i chi beidio ? defnyddio, cadw neu ddatgelu unrhyw wybodaeth a gynhwysir ynddi. Mae unrhyw farn neu safbwynt yn eiddo i'r sawl a'i hanfonodd yn unig ac nid yw o anghenraid yn cynrychioli barn Prifysgol Cymru, Bangor. Nid yw Prifysgol Cymru, Bangor yn gwarantu bod y neges e-bost hon neu unrhyw atodiadau yn rhydd rhag firysau neu 100% yn ddiogel. Oni bai fod hyn wedi ei ddatgan yn uniongyrchol yn nhestun yr e-bost, nid bwriad y neges e-bost hon yw ffurfio contract rhwymol - mae rhestr o lofnodwyr awdurdodedig ar gael o Swyddfa Cyllid Prifysgol Cymru, Bangor. www.bangor.ac.uk This email and any attachments may contain confidential material and is solely for the use of the intended recipient(s). If you have received this email in error, please notify the sender immediately and delete this email. If you are not the intended recipient(s), you must not use, retain or disclose any information contained in this email. Any views or opinions are solely those of the sender and do not necessarily represent those of the University of Wales, Bangor. The University of Wales, Bangor does not guarantee that this email or any attachments are free from viruses or 100% secure. Unless expressly stated in the body of the text of the email, this email is not intended to form a binding contract - a list of authorised signatories is available from the University of Wales, Bangor Finance Office. www.bangor.ac.uk