samba - Aug 2008 - [acl] setting user/group permissions from windows

Hello,

I've setup a samba PDC (3.0.31) and I am using Windows Vista clients.
Logging on works fine using roaming profiles and folder redirections.
I am also able to write to shares, etc.

Now I am trying to get the advanced permissions on files to work. So
on my share:

[share]
	comment = Shared directories
	path = /samba/share
	read only = No
	guest ok = Yes

With the following user rights in Linux:
drwxrwxr-x 5 nobody Domain Users 4096 2008-08-07 13:53 share

I create a directory called 'test' with the user 'tdummy'.
The permissions on this directory in Linux are now:
drwxrwxr-x  3 tdummy Domain Users    4096 2008-08-07 13:23 test

When I try to give the user 'mbuster' (also a member of the group
"Domain Users") a special set of user rights from windows (using the
security tab on the directory properties), I get the message that
access is denied (whatever rights I choose). So I thought lets try it
from the Linux side and I added some acl rights to that directory for
the user 'mbuster'. So a getfacl now shows:

# file: test
# owner: tdummy
# group: Domain\040Users
user::rwx
user:mbuster:rwx
group::r-x
mask::rwx
other::r-x

But the user permissions for 'mbuster' are not shown in the security
tab of the windows file properties. So this does not seem to work (is
it supposed to work like this?).

I have build samba with the --with-acl-support option. In my fstab,
the options acl and user_xattr are used. My smb.conf can be found
overhere:
http://pastebin.ca/1094618

So, I have a properly working domain, users can log on, they can
create/delete/modify files on their home directories and the shared
directories, but I am not able to change acl permissions from windows
and if I change them from Linux with setfacl, they are not shown nor
do have any effect in Windows.

Does anybody know what I am doing wrong? Or can a extensive guide to
setup acl's properly be found somewhere (the guides I found were not
that extensive and didn't work for me)?

Greetings,
Heiko

I found the solution for my problem.
The first time I installed samba, I didn't have the header files for
acl installed (libacl1-dev). But after I installed them I did a

configure --with-acl-support
make
make install

This didn't work for me. But I gave it another try, but now I first did a

make clean

Before I configure/make/make installed samba.
Is this default behavior? Or could it be a bug?

Greetings,
Heiko



2008/8/7 Heiko Harders <heiko.harders@gmail.com>:
> Hello,
>
> I've setup a samba PDC (3.0.31) and I am using Windows Vista clients.
> Logging on works fine using roaming profiles and folder redirections.
> I am also able to write to shares, etc.
>
> Now I am trying to get the advanced permissions on files to work. So
> on my share:
>
> [share]
>        comment = Shared directories
>        path = /samba/share
>        read only = No
>        guest ok = Yes
>
> With the following user rights in Linux:
> drwxrwxr-x 5 nobody Domain Users 4096 2008-08-07 13:53 share
>
> I create a directory called 'test' with the user 'tdummy'.
> The permissions on this directory in Linux are now:
> drwxrwxr-x  3 tdummy Domain Users    4096 2008-08-07 13:23 test
>
> When I try to give the user 'mbuster' (also a member of the group
> "Domain Users") a special set of user rights from windows (using
the
> security tab on the directory properties), I get the message that
> access is denied (whatever rights I choose). So I thought lets try it
> from the Linux side and I added some acl rights to that directory for
> the user 'mbuster'. So a getfacl now shows:
>
> # file: test
> # owner: tdummy
> # group: Domain\040Users
> user::rwx
> user:mbuster:rwx
> group::r-x
> mask::rwx
> other::r-x
>
> But the user permissions for 'mbuster' are not shown in the
security
> tab of the windows file properties. So this does not seem to work (is
> it supposed to work like this?).
>
> I have build samba with the --with-acl-support option. In my fstab,
> the options acl and user_xattr are used. My smb.conf can be found
> overhere:
> http://pastebin.ca/1094618
>
> So, I have a properly working domain, users can log on, they can
> create/delete/modify files on their home directories and the shared
> directories, but I am not able to change acl permissions from windows
> and if I change them from Linux with setfacl, they are not shown nor
> do have any effect in Windows.
>
> Does anybody know what I am doing wrong? Or can a extensive guide to
> setup acl's properly be found somewhere (the guides I found were not
> that extensive and didn't work for me)?
>
> Greetings,
> Heiko
>