On Fri, March 13, 2009 11:07, Christos Karaviotis wrote:
> On Wed, March 11, 2009 14:26, Adam Tauno Williams wrote:
>>> I am running Samba for some years now (3 years) and had absolutely no
>>> problems. For the last month on one of the machines the NT ACL stopped
>>> working and everyone has full access everywhere even if they are not
>>> in the acl.
>>> If I try to add them and restrict them only to read and execute the acl
>>> will show that this is the case but it will have no effect.
>>> I am running Fedora 9 and Samba-3.2.4. I have done the installation
>>> many times and this particular one used to work but now it fails.
>>> I have tried to upgrade to 3.2.8 but still the same problem. I have
>>> remounted the FS with the option (acl) it did it but that did not solve
>>> the problem.
>>
>> If you do a getfacl on the object do you see the ACLs you think you set?
>> --
>> OpenGroupware developer: awilliam@whitemice.org
>> <http://whitemiceconsulting.blogspot.com/>
>> OpenGroupware & Cyrus IMAPd documentation @
>> <http://docs.opengroupware.org/Members/whitemice/wmogag/file_view>
>
> Well I did that. Even users that do not exist in that folder's ACL have
> rwx effective permissions. I am going crazy. The same exact setup with
> the same permissions on another machine is still working fine.
>
> Chris

Sorry for the delay. This is my smb.conf:
==========================
[global]
    acl map full control = yes
    admin users = user1,@Directors
    socket options = SO_KEEPALIVE TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
    force group = Directors
    encrypt passwords = yes
    passdb backend = tdbsam
    nt acl support = yes
    netbios name = Atlas
    server string = Public Folders
    default = Public Folders
    unix password sync = yes
    local master = yes
    workgroup = mydomain
    acl group control = Yes
    os level = 33
    debug level = 10
    security = user
    username map = /etc/samba/smbusers
    winbind enum users = yes
    winbind enum groups = yes

# Server configuration parameters
[homes]
    browsable = no
    hide dot files = yes
    hide files = /.*
    writable = yes
    create mask = 765

[Public Folders]
    nt acl support = yes
    acl map full control = yes
    writeable = yes
    inherit acls = yes
    inherit permissions = Yes
    directory mode = 0770
    security mask = 0770
    force security mode = 0770
    path = /usr/local/SHARES
    write list = @Directors,@Administrator
    valid users = user1,user2,user3,@staff,@Directors,@Accounting
    create mode = 770
    user = user1,user2,user3,@staff,@Directors,@Administrator
===========================
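
An added example, not part of the original post: a small check that lists, for each share, the smb.conf parameters documented as changing whose identity performs file operations (`admin users`, `force user`, `force group`), since access under those settings is not decided by the connecting user's own ACL entry. The function names are hypothetical, the sample is an excerpt of the configuration posted above, and the script assumes values in [global] act as defaults for every share.

```python
import re

# Parameters documented in smb.conf(5) as changing whose identity does file I/O.
OVERRIDES = {
    "adminusers": "listed users do all file operations as root",
    "forceuser": "all file operations run as this user",
    "forcegroup": "every connection gets this primary group",
}

def parse_smb_conf(text):
    """Return {section: {param: value}}; names are matched ignoring case and spaces."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            current[re.sub(r"\s+", "", name).lower()] = value.strip()
    return sections

def audit(text):
    """Return (share, param, value, origin, why) for each override active on a share."""
    conf = parse_smb_conf(text)
    findings = []
    for share, params in conf.items():
        if share == "global":
            continue
        effective = {**conf.get("global", {}), **params}  # [global] = share defaults
        for key, why in OVERRIDES.items():
            if effective.get(key):
                origin = "share" if key in params else "global"
                findings.append((share, key, effective[key], origin, why))
    return findings

# Excerpt of the configuration posted above, trimmed to the relevant lines.
SAMPLE = """
[global]
admin users = user1,@Directors
force group = Directors
[homes]
[Public Folders]
path = /usr/local/SHARES
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Each finding names the share, the parameter, its value and whether it came from the share itself or from [global]; an empty share-level value is treated as clearing the inherited one.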