Hi all, i'm new in this mailing list, i need some help with a problem i
experience with my samba setup.
I set up a fileserver on top of debian 6 with samba-3.6.6 on an XFS
filesystem partition.
I tried to use vsf acl_xattr for better windows compatibility and it
seems generally working good, but i experience some strange behavior: I
added two acls with different restrictions one for a user and the other
for a group the user is member of, it seems that the more restrictive
permissions are evaluated.
To reproduce the problem i used a domain user that is member of group1
and that group1 has read-wrire(modify) permissions on the file i want to
write to. As soon as i apply another acl with read-only permission on
the same file for the specified user, i can't write to file anymore.
The very strange thing is that as i try to apply a read only acl to
group and a read write acl to user i can write the file normally.
I dont know if this is some sort of my misconfiguration or wrong
filesystem permision on top of the share i tried many variations
including enabling end disabling acl_xattr:ignore system acls option.
but no change.
Filesystem is XFS and comes with extended attributes enabled. Follows
the global smb.conf and the share definition.
Any help will be appreciated.
Mitja Tavcar
[global]
workgroup = INTRA
realm = INTRA.COMUNE.TRENTO.IT
server string = File server applicazioni
security = ADS
log file = /var/log/samba/%m-%U.smbd
load printers = No
printcap name = /dev/null
disable spoolss = Yes
local master = No
domain master = No
registry shares = Yes
template shell = /bin/bash
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
idmap config INTRA : range = 10000-99999
idmap config INTRA : backend = rid
idmap config * : range = 1000000-2000000
idmap config * : backend = tdb
hosts allow = 192.168.0.0/255.255.0.0, 10.2.0.0/255.255.0.0
[pippo$]
path = /smbmnt/disk_servizi/Servizi/pippo/
read only = no
browseable = No
store dos attributes = Yes
vfs objects = acl_xattr
acl_xattr:ignore system acls = Yes
ea support = Yes
inherit acls = Yes
guest ok = no
available = yes
inherit permissions = yes
map acl inherit = yes
acl map full control = no
