I have just enabled user_xattr on the partition where my samba share is
on. Now when I use getfattr I see the extended attribute user.SAMBA_PAI
on my files. But ACL inheritance isn't taking place...
When I (from within Windows) click on Properties > Security > Advanced
and then enable "Allow inheritable permissions..." on a certain file,
then the attribute user.SAMBA_PAI disappears and the ACL rights are
inherited?!
Changing "map acl inheritance" between yes or no does not change this
behavior.
Can someone enlighten me on how this should work (let files inherit
acls) and why this worked when the share was mounted without user_xattr?
I use samba 3.0.21b-1 by the way... and here is my smb.conf:
[global]
security = ads
password server = server01
encrypt passwords = true
workgroup = workgroup
realm = DOMAIN.LOCAL
netbios name = server02
log file = /var/log/samba/samba.log
log level = 2
syslog = 0
# ea support = yes
nt acl support = yes
# map acl inherit = yes
change notify timeout = 5
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = yes
[wwwroot]
comment = wwwroot
path = /usr/home/ws.old/wws01
read only = no
browsable = yes
writable = yes
dos filemode = yes
acl group control = yes
veto oplock files = /*.mdb/*.MDB/
create mask = 0770
force create mode = 0440
directory mask = 0771
force directory mode = 0771
security mask = 0777
force security mode = 0440
directory security mask = 0777
force directory security mode = 0771

On 8/7/06, S. J. van Harmelen <sander.vanharmelen@isp.solcon.nl> wrote:
> Changing "map acl inheritance" between yes or no does not change this
> behavior.

Have you tried setting "inherit acls = yes"?

Honestly, I'm not sure why it would have worked before other than the filesystem propagating the posix default acls. Were you able to set specific permissions for a specific user before and have it inherited?

Sander, sorry for the multiple replies to you, just migrating email and having issues with the list...

Yes, I have tried "inherit acls = yes", but this doesn't seem to make any difference...

I think you're right though, I think that before the default ACLs were propagated. So how can I regain this functionality without turning off user_xattr, which I need for some other functionalities...

On Mon, 2006-08-07 at 08:34 -0400, James McDonough wrote:
> On 8/7/06, S. J. van Harmelen <sander.vanharmelen@isp.solcon.nl> wrote:
> > Changing "map acl inheritance" between yes or no does not change this
> > behavior.
>
> Have you tried setting "inherit acls = yes"?
>
> Honestly, I'm not sure why it would have worked before other than the
> filesystem propagating the posix default acls. Were you able to set
> specific permissions for a specific user before and have it inherited?

P.S. I should also mention that the logfile gives me this error while setting the inheritance flags:

[2006/08/04 10:58:55, 1] smbd/posix_acls.c:store_inheritance_attributes(252)
  store_inheritance_attribute: Error Permission denied

On Mon, 2006-08-07 at 08:34 -0400, James McDonough wrote:
> On 8/7/06, S. J. van Harmelen <sander.vanharmelen@isp.solcon.nl> wrote:
> > Changing "map acl inheritance" between yes or no does not change this
> > behavior.
>
> Have you tried setting "inherit acls = yes"?
>
> Honestly, I'm not sure why it would have worked before other than the
> filesystem propagating the posix default acls. Were you able to set
> specific permissions for a specific user before and have it inherited?
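
Added example, not part of the original thread and not Samba code: a model of the "filesystem propagating the posix default acls" behaviour mentioned in the replies, following acl(5). A new file's access ACL is the parent directory's default ACL, with the owner, group-class and other entries limited by the creation mode. The getfacl output, the user name alice and the mode 0o640 are constructed sample values.

```python
# Added example: models default-ACL propagation per acl(5); not Samba code.
PERM_BITS = {"r": 4, "w": 2, "x": 1}

# Constructed sample: getfacl output for a share directory (names are made up).
SAMPLE_GETFACL = """\
# file: wws01
user::rwx
group::r-x
other::---
default:user::rwx
default:user:alice:rwx
default:group::r-x
default:mask::rwx
default:other::---
"""

def parse_perms(text):
    """Turn a string such as 'rw-' into a 3-bit integer."""
    return sum(bit for ch, bit in PERM_BITS.items() if ch in text)

def format_perms(bits):
    return "".join(ch if bits & bit else "-" for ch, bit in PERM_BITS.items())

def inherited_access_acl(getfacl_output, mode):
    """Access ACL a new file receives from its parent's default ACL."""
    acl = {}
    for line in getfacl_output.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments such as #effective:
        if line.startswith("default:"):
            tag, qualifier, perms = line[len("default:"):].split(":")
            acl[(tag, qualifier)] = parse_perms(perms)
    if not acl:
        return None  # no default ACL on the directory: nothing propagates
    # Only the entries tied to the permission bits are ANDed with the mode:
    # owner, group class (mask if present, else owning group) and other.
    group_class = ("mask", "") if ("mask", "") in acl else ("group", "")
    for key, shift in ((("user", ""), 6), (group_class, 3), (("other", ""), 0)):
        acl[key] &= (mode >> shift) & 7
    return {":".join(key): format_perms(bits) for key, bits in acl.items()}

def effective_perms(acl, entry):
    """Named users/groups and the owning group are capped by the mask."""
    mask = parse_perms(acl.get("mask:", "rwx"))
    return format_perms(parse_perms(acl[entry]) & mask)

if __name__ == "__main__":
    new_file = inherited_access_acl(SAMPLE_GETFACL, 0o640)  # constructed mode
    print(new_file, "alice effective:", effective_perms(new_file, "user:alice"))
```

With the sample input, alice's inherited entry stays rwx, but the mask is cut down to r-- by the creation mode, so her effective rights on the new file are read-only.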