David Roid
2010-Dec-29 08:36 UTC
[Samba] Is ACL+extended attributes exclusive with mask/mode family options?
Hello list, I've got a question from reading Using Samba 3rd, where it puts: ... the final permission is caculated by below filters in the order used by Samba: 1. Apply any DOS attribute mapping options << I take this as either map DOS attributes to execute bits, or store DOS attributes in extended attributes. Correct? 2. Apply the create mask settings 3. Apply the force create mode settings. This looks reasonable, however I got an unexpected result from [myshare] path=...( file system is mount with acl and user_xattr ) writeble=yes store dos attributes=yes ea support=yes vfs objects=acl_xattr create mask=644 The problem is "create mask" is not honored and I get 755 for plain text files created from windows client. Further experiment reveals that if "vfs objects" is removed then "create mask" works. I know vfs_acl_xattr is needed to keep windows ACL here ( I suppose it's step1 ), but why doesn't it honor mask options ( step2 and step3 )? Or settings in the share above are just not supposed to work together? Opinions? Regards -David
TAKAHASHI Motonobu
2010-Dec-29 11:06 UTC
[Samba] Is ACL+extended attributes exclusive with mask/mode family options?
2010/12/29 David Roid <dataroid at gmail.com>:> Further experiment reveals that if "vfs objects" is removed then "create > mask" works. I know vfs_acl_xattr is needed to keep windows ACL here ( I > suppose it's step1 ), but why doesn't it honor mask options ( step2 and > step3 )? Or settings in the share above are just not supposed to work > together?vfs_acl_xattr sets "inherit acls = yes" automatically. "inherit acls = yes" makes permission of files newly created inherited from the default acls of their parent directory regardless of create mask or such kind of parameters.> ... the final permission is caculated by below filters in the order used by > Samba: > 1. Apply any DOS attribute mapping options ? ? ? ? ? ? ?<< I take this as > either map DOS attributes to execute bits, or store DOS attributes in > extended attributes. Correct? > 2. Apply the create mask settings > 3. Apply the force create mode settings.If neither "inherit acls" nor "inherit permissions" is set, you are right. --- TAKAHASHI Motonobu <monyo at samba.gr.jp>
Seemingly Similar Threads
- simplest way (set of functions) to parse a file
- [quick question] smbclient -m smb2 not working
- [homes] share not created unless linux user has a home directory in /etc/passwd
- home share issue: //server/homes errs, while //server/<username> works
- smbclient -L succeeded even network is down