initiators@free.fr
2008-Jan-04 14:41 UTC
[Samba] Bug? "inherit acls" not working as expected
Hello I'm running Debian Etch with distro kernel & Samba package (2.6.18-5-686 & 3.0.24-6etch9). In my smb.conf I have : inherit owner = yes inherit permissions = yes inherit acls = yes I start with a dir test1 with no rights for group smb-Users, rx for group smb-Inf, and rwx for group smb-Bme-Fr : root@samba1:/mnt/temp # ll total 28 drwxr-xr-x 4 root root 4096 2008-01-04 15:08 . drwxr-xr-x 4 root root 29 2008-01-04 14:38 .. drwx------ 2 root root 16384 2008-01-04 14:37 lost+found drwxrwx---+ 2 root smb-Users 4096 2008-01-04 15:25 test1 root@samba1:/mnt/temp # getfacl test1/ # file: test1 # owner: root # group: smb-Users user::rwx group::--- group:smb-Inf:r-x group:smb-Bme-Fr:rwx mask::rwx other::--->From a Windows XP client with a user member of the group smb-Bme-Fr Icreate a dir test2 in dir test1, then I have : root@samba1:/mnt/temp # ll test1/ total 20 drwxrwx---+ 3 root smb-Users 4096 2008-01-04 15:26 . drwxr-xr-x 4 root root 4096 2008-01-04 15:08 .. drwxrwx---+ 2 root smb-Users 4096 2008-01-04 15:26 test2 root@samba1:/mnt/temp # getfacl test1/test2/ # file: test1/test2 # owner: root # group: smb-Users user::rwx group::rwx group:smb-Inf:r-x group:smb-Bme-Fr:rwx mask::rwx other::--- The group smb-Users should have no rights on test2, inherited from the test1 dir, but it has rwx. A user belonging to smb-Users and smb-Inf has rwx access and he should have just rx. I'm using XFS on my Samba server, I tried with ext3 with same results.
stephane.purnelle@corman.be
2008-Jan-04 15:25 UTC
RE [Samba] Bug? "inherit acls" not working as expected
not sure that you are right. Samba use both unix right and posix acl right. the directory test1 have unix right that autorise smb-Users to access-it. And you cancel it with acl entry => the smb-users group have no right. But you not have default acl entry, if you spec default acl entry with the same right that the acl entry, all directory created under test will take the value described by default acl entry. Else take the unix value. ----------------------------------- St?phane PURNELLE stephane.purnelle@corman.be Service Informatique Corman S.A. Tel : 00 32 087/342467 samba-bounces+stephane.purnelle=corman.be@lists.samba.org a ?crit sur 04/01/2008 15:40:47 :> Hello > > I'm running Debian Etch with distro kernel & Samba package (2.6.18-5-686 > & 3.0.24-6etch9). > > In my smb.conf I have : > > inherit owner = yes > inherit permissions = yes > inherit acls = yes > > > I start with a dir test1 with no rights for group smb-Users, rx for > group smb-Inf, and rwx for group smb-Bme-Fr : > > root@samba1:/mnt/temp # ll > total 28 > drwxr-xr-x 4 root root 4096 2008-01-04 15:08 . > drwxr-xr-x 4 root root 29 2008-01-04 14:38 .. > drwx------ 2 root root 16384 2008-01-04 14:37 lost+found > drwxrwx---+ 2 root smb-Users 4096 2008-01-04 15:25 test1 > root@samba1:/mnt/temp # getfacl test1/ > # file: test1 > # owner: root > # group: smb-Users > user::rwx > group::--- > group:smb-Inf:r-x > group:smb-Bme-Fr:rwx > mask::rwx > other::--- > > > >From a Windows XP client with a user member of the group smb-Bme-Fr I > create a dir test2 in dir test1, then I have : > > root@samba1:/mnt/temp # ll test1/ > total 20 > drwxrwx---+ 3 root smb-Users 4096 2008-01-04 15:26 . > drwxr-xr-x 4 root root 4096 2008-01-04 15:08 .. > drwxrwx---+ 2 root smb-Users 4096 2008-01-04 15:26 test2 > root@samba1:/mnt/temp # getfacl test1/test2/ > # file: test1/test2 > # owner: root > # group: smb-Users > user::rwx > group::rwx > group:smb-Inf:r-x > group:smb-Bme-Fr:rwx > mask::rwx > other::--- > > > The group smb-Users should have no rights on test2, inherited from the > test1 dir, but it has rwx. A user belonging to smb-Users and smb-Inf has > rwx access and he should have just rx. > > I'm using XFS on my Samba server, I tried with ext3 with same results. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba