On Wed, Apr 23, 2008 at 09:15:13PM +0200, Petr Kopecky
wrote:> Hi there,
>
> I have some problem with Windows access rights mapping on Samba 3.0.28. I
am
> using XFS filesystem and ACL is working.
>
> This is a part of my smb.conf:
>
> domain logons = Yes
> preferred master = Yes
> map acl inherit = Yes
> map archive = Yes
> map hidden = Yes
> map system = Yes
> veto files = /*.eml/*.nws/*.{*}/
> veto oplock files = /*.doc/*.xls/*.mdb/
> create mask = 0755
> directory mask = 0755
>
> [profiles]
> comment = Profile Share
> path = /data/samba/profiles
> read only = No
> profile acls = Yes
> browseable = No
>
> [share]
> comment = Shared Data
> path = /data/samba/share
> public = No
> writable = No
> write list = @smbusers
> browseable = Yes
>
>
> This configuration works fine for profiles where I need to map hidden and
> system flags as windows uses them. But those flags are mapped in execute
> flags not acl rights, but it works.
>
> getfacl /data/samba/profiles/some.user
> # file: data/samba/profiles/some.user
> # owner: someuser
> # group: smbusers
> user::rwx
> group::---
> other::---
>
> The problem is on other share. If anyone changes the premissions on the
file
> then access rights are mapped to execute flag not ACL and it is very
> confusing.
> If domain user rights are set to write and modify, it is stored as group
> execute, if others are granted for write and modify, then execute flag for
> others is set. But these flags are interpreted as system and hidden.
> Additionally all created files have owner's executable bit set which
means
> archive.
>
> Could you please help me what should I set to have DOS access rights
working
> together with windows ACL? I cannot find this simple information on net :-(
As you're using xfs you should have the ability to store extended
attributes (EA's). So you can map DOS flags into EA's using the
following smb.conf setting (store in the [global] section).
ea support = yes
store dos attributes = yes
map readonly = no
map archive = no
map system = no
Jeremy.