I have ACLs working for files with the following set in my share definitions: inherit permissions = yes inherit acls=yes map acl inherit=yes vfs_objects = acl_tdb While testing my Samba configuration, I found that permissions are being set to 'special' for directories being copied from Windows instead of the ACL being fully populated. Does Samba 3.6 fully implement ACLS, or are there further configuration steps for storing the ACL information for directories? Note, I have used a TDB for ACLs since I have extended attributes enabled on the file system level to store timestamp information. Derek
On 17 October 2010 13:04, Derek Lewis <dlewis at mtu.edu> wrote: [...]> Note, I have used a TDB for ACLs since I have extended attributes enabled on > the file system level to store timestamp information.I could be wrong, but I think the tdb is for if your filesystem does NOT support extended attributes. -- Michael Wood <esiotrot at gmail.com>
> Note, I have used a TDB for ACLs since I have extended attributes enabled on > the file system level to store timestamp information.As Michael Wood pointed out in a reply to you, the tdb is to be used when your filesystem does NOT support extended attributes. You can use Extended Attributes to store your timestamp information *and* ACLs, using the ACL_XATTR vfs module.
> I had not realized that the ACL module would store both sets of information.Please note that I *didn't* state that. What I said is that you can use Extended Attributes to *also* store ACL information. ACL information will be stored under a different attribute, which in this case is called "security.NTACL". Most Samba VFS modules are stackable.
> While testing my Samba configuration, I found that permissions are being set > to 'special' for directories being copied from Windows instead of the ACL > being fully populated. Does Samba 3.6 fully implement ACLS, or are there > further configuration steps for storing the ACL information for directoriesOf course you are aware that the normal Windows behavior, which Samba emulates, is to keep ACLs when files are *moved* and modify them according to those of the destination when files are *copied*?
On Sun, Oct 17, 2010 at 04:04:29AM -0700, Derek Lewis wrote:> I have ACLs working for files with the following set in my share > definitions: > > inherit permissions = yes > > inherit acls=yes > > map acl inherit=yes > > vfs_objects = acl_tdb > > > > While testing my Samba configuration, I found that permissions are being set > to 'special' for directories being copied from Windows instead of the ACL > being fully populated. Does Samba 3.6 fully implement ACLS, or are there > further configuration steps for storing the ACL information for directories?FYI. I've just committed a "jumbo" ACL patch for v3-6-test (and am currently looking at backporting this to 3.5.x) which I hope will fix several issues with storing ACLs in xattrs and getting full Windows ACL compatibility. I'll ping the lists when I want wider testing (still ensuring it all works at the moment). Cheers, Jeremy.