Hi guys, I've got a problem where if I set permissions on a folder(Admin) "setfacl -R -d -m u::rwx,g::wrx,o::- Admin/" and "setfacl -m o:- Admin" I get the following. mail:/data/samba/shared # getfacl Admin/ # file: Admin # owner: BCP+administrator # group: samba user::rwx user:samba:rwx group::rwx group:BCP+admin:r-x mask::rwx other::--- default:user::rwx default:group::rwx default:group:BCP+admin:r-x default:mask::rwx default:other::--- If I then browse to the share through windows and look at the permissions for "everyone(other)", they have "none" which is what I want. I only want the user and group to have rwx on the folder(recursively) and I want everyone to have no access. If I then go and change any of the permissions through windows eg: adding/removing a group/user etc. then suddenly "everyone(other) gets the following permissions. mail:/data/samba/shared # getfacl Admin/ # file: Admin # owner: BCP+administrator # group: samba user::rwx user:samba:rwx group::rwx group:BCP+admin:r-x mask::rwx other::r-x default:user::rwx default:group::rwx default:group:BCP+admin:r-x default:mask::rwx default:other::r-- No matter what I do through windows I cant remove access for "everyone" unless I use the setfacl coomand again like above. Another thing is that the permissions I'm applying aren't being applied recursively, even though I'm applying them to recursively. mail:/data/samba/shared/Admin/Pippa # getfacl Wills/ # file: Wills # owner: BCP+administrator # group: samba user::rwx group::rwx other::--- default:user::rwx default:group::rwx default:other::--- Please could someone shed some light here as I'm very baffled. Thanks in advance. Regards. Neil -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html
Sorry to repost but I'm getting desperate here. Neil Wilson wrote:> Hi guys, > > I've got a problem where if I set permissions on a folder(Admin) > "setfacl -R -d -m u::rwx,g::wrx,o::- Admin/" and "setfacl -m o:- Admin" > > I get the following. > > mail:/data/samba/shared # getfacl Admin/ > # file: Admin > # owner: BCP+administrator > # group: samba > user::rwx > user:samba:rwx > group::rwx > group:BCP+admin:r-x > mask::rwx > other::--- > default:user::rwx > default:group::rwx > default:group:BCP+admin:r-x > default:mask::rwx > default:other::--- > > If I then browse to the share through windows and look at the > permissions for "everyone(other)", they have "none" which is what I want. > I only want the user and group to have rwx on the folder(recursively) > and I want everyone to have no access. > > If I then go and change any of the permissions through windows eg: > adding/removing a group/user etc. then suddenly "everyone(other) gets > the following permissions. > > mail:/data/samba/shared # getfacl Admin/ > # file: Admin > # owner: BCP+administrator > # group: samba > user::rwx > user:samba:rwx > group::rwx > group:BCP+admin:r-x > mask::rwx > other::r-x > default:user::rwx > default:group::rwx > default:group:BCP+admin:r-x > default:mask::rwx > default:other::r-- > > No matter what I do through windows I cant remove access for "everyone" > unless I use the setfacl coomand again like above. > > Another thing is that the permissions I'm applying aren't being applied > recursively, even though I'm applying them to recursively. > > mail:/data/samba/shared/Admin/Pippa # getfacl Wills/ > # file: Wills > # owner: BCP+administrator > # group: samba > user::rwx > group::rwx > other::--- > default:user::rwx > default:group::rwx > default:other::--- > > Please could someone shed some light here as I'm very baffled. > > Thanks in advance. > > Regards. > > Neil >-- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Neil Wilson wrote, On 20-09-2007 14:28:> Hi guys, > > I've got a problem where if I set permissions on a folder(Admin) > "setfacl -R -d -m u::rwx,g::wrx,o::- Admin/" and "setfacl -m o:- Admin" > > I get the following. > > mail:/data/samba/shared # getfacl Admin/ > # file: Admin > # owner: BCP+administrator > # group: samba > user::rwx > user:samba:rwx > group::rwx > group:BCP+admin:r-x > mask::rwx > other::--- > default:user::rwx > default:group::rwx > default:group:BCP+admin:r-x > default:mask::rwx > default:other::--- > > If I then browse to the share through windows and look at the > permissions for "everyone(other)", they have "none" which is what I want. > I only want the user and group to have rwx on the folder(recursively) > and I want everyone to have no access. > > If I then go and change any of the permissions through windows eg: > adding/removing a group/user etc. then suddenly "everyone(other) gets > the following permissions.May I suggest that you then stop changing permission from Windows? :-) Seriously, it seems like some "default" of Windows when changing something.> mail:/data/samba/shared # getfacl Admin/ > # file: Admin > # owner: BCP+administrator > # group: samba > user::rwx > user:samba:rwx > group::rwx > group:BCP+admin:r-x > mask::rwx > other::r-x > default:user::rwx > default:group::rwx > default:group:BCP+admin:r-x > default:mask::rwx > default:other::r-- > > No matter what I do through windows I cant remove access for "everyone" > unless I use the setfacl coomand again like above.That's strange and it seems more a Windows problem than a Samba one. Did you tried with other versions with Windows? I remember having managed directories under MS Windows clients without such behaviour. Maybe your inheriting something from parent folder or some option from the tool you are using.> Another thing is that the permissions I'm applying aren't being applied > recursively, even though I'm applying them to recursively. > > mail:/data/samba/shared/Admin/Pippa # getfacl Wills/ > # file: Wills > # owner: BCP+administrator > # group: samba > user::rwx > group::rwx > other::--- > default:user::rwx > default:group::rwx > default:other::--- > > Please could someone shed some light here as I'm very baffled. > Thanks in advance.Just to be sure, do you have ACL support compiled in Samba? We are using ACLs with Samba in Debian etch (4.0), without any problems and with the expected behaviour. Kind regards, - -- Felipe Augusto van de Wiel <felipe@paranacidade.org.br> Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG9BD0Cj65ZxU4gPQRCP4/AKC4tOCFv/vUh0lw5/QS9Sz9ETf1UQCgyZSt P7uMp0zvEBtijdOoKA+T6Yc=qRTn -----END PGP SIGNATURE-----