Andrew Martin
2015-Aug-10 19:51 UTC
[Samba] ACLs on Samba share not preserved when copying with Windows Explorer
I have a samba share (using Samba 3.6.3) running on an ext4 filesystem with the "acl" mount option. The samba share is configured as follows: [myshare] path = /srv/myshare browseable = no public = no guest ok = no writable = yes printable = no create mode = 0660 directory mode = 0770 level2 oplocks = no oplocks = no I have configured the following ACLs on the /srv/myshare directory: # file: myshare # owner: root # group: root # flags: -s- user::rwx user:user1:rwx user:user2:rwx group::rwx mask::rwx other::--- default:user::rwx default:user:user1:rwx default:user:user2:rwx default:group::rwx default:mask::rwx default:other::---</pre> Note that this directory is owned by root:root and has the sgid bit set. User1 connects via Windows Explorer on Windows 7 and creates some directories inside of /srv/myshare. If he saves files directly from a 3rd party program, e.g LibreOffice, into one of these subdirectories, the files inherit the ACLs correctly. However, if he copies a file via Windows Explorer into one of these newly-created subdirectories, all ACLs are removed from said file: # file: test.pdf # owner: user1 # group: root user::rwx group::rwx other::--- Strangely, if he performs the same operation, copying the same file with Windows Explorer to the root of the share, /srv/myshare, rather than a subdirectory, the permissions are preserved correctly: # file: test.pdf # owner: user1 # group: root user::rw- user:user1:rwx user:user2:rwx group::rwx mask::rwx other::--- Has anyone encountered this problem, or do you know what I can do to make ACLs inherit as expected? Thanks, Andrew Martin
buhorojo
2015-Aug-11 17:54 UTC
[Samba] ACLs on Samba share not preserved when copying with Windows Explorer
On 10/08/15 21:51, Andrew Martin wrote:> > Has anyone encountered this problem, or do you know what I can do to make > ACLs inherit as expected? >Hi Files only inherit if you _create_ the them in the share as you saw with your libreoffice file.
Andrew Martin
2015-Aug-11 18:40 UTC
[Samba] ACLs on Samba share not preserved when copying with Windows Explorer
----- Original Message -----> From: "buhorojo" <buhorojo.lcb at gmail.com> > To: samba at lists.samba.org > Sent: Tuesday, August 11, 2015 12:54:23 PM > Subject: Re: [Samba] ACLs on Samba share not preserved when copying with Windows Explorer > > On 10/08/15 21:51, Andrew Martin wrote: > > > > Has anyone encountered this problem, or do you know what I can do to make > > ACLs inherit as expected? > > > > Hi > Files only inherit if you _create_ the them in the share as you saw with > your libreoffice file. > >Thanks for the help, however why does this matter from Samba's perspective? In either case, copying an existing file from a local drive to the share or saving a new file onto the share from a 3rd party program, the share sees a new file being created on it. Do each of these operations perform different SMB operations? Thanks, Andrew
Rowland Penny
2015-Aug-11 19:19 UTC
[Samba] ACLs on Samba share not preserved when copying with Windows Explorer
On 10/08/15 20:51, Andrew Martin wrote:> I have a samba share (using Samba 3.6.3) running on an ext4 filesystem with the > "acl" mount option. The samba share is configured as follows: > [myshare] > path = /srv/myshare > browseable = no > public = no > guest ok = no > writable = yes > printable = no > create mode = 0660 > directory mode = 0770 > level2 oplocks = no > oplocks = no > > I have configured the following ACLs on the /srv/myshare directory: > # file: myshare > # owner: root > # group: root > # flags: -s- > user::rwx > user:user1:rwx > user:user2:rwx > group::rwx > mask::rwx > other::--- > default:user::rwx > default:user:user1:rwx > default:user:user2:rwx > default:group::rwx > default:mask::rwx > default:other::---</pre> > > Note that this directory is owned by root:root and has the sgid bit set. User1 > connects via Windows Explorer on Windows 7 and creates some directories inside > of /srv/myshare. If he saves files directly from a 3rd party program, e.g > LibreOffice, into one of these subdirectories, the files inherit the ACLs > correctly. However, if he copies a file via Windows Explorer into one of these > newly-created subdirectories, all ACLs are removed from said file: > # file: test.pdf > # owner: user1 > # group: root > user::rwx > group::rwx > other::--- > > Strangely, if he performs the same operation, copying the same file with > Windows Explorer to the root of the share, /srv/myshare, rather than a > subdirectory, the permissions are preserved correctly: > # file: test.pdf > # owner: user1 > # group: root > user::rw- > user:user1:rwx > user:user2:rwx > group::rwx > mask::rwx > other::--- > > Has anyone encountered this problem, or do you know what I can do to make > ACLs inherit as expected? > > Thanks, > > Andrew Martin >Hi, is the share stored on a standalone server or an AD member server or what ? Not that this should matter, your problem is most likely caused by you using ACLs and trying to enforce Unix permissions. You should use one or the other, not both. Oh, and you don't have to use the 'acl' mount option with ext4, it is one of the 'defaults' Rowland
Andrew Martin
2015-Aug-11 21:01 UTC
[Samba] ACLs on Samba share not preserved when copying with Windows Explorer
----- Original Message -----> From: "Rowland Penny" <rowlandpenny241155 at gmail.com> > To: samba at lists.samba.org > Sent: Tuesday, August 11, 2015 2:19:09 PM > Subject: Re: [Samba] ACLs on Samba share not preserved when copying with Windows Explorer > > Hi, is the share stored on a standalone server or an AD member server or > what ? > > Not that this should matter, your problem is most likely caused by you > using ACLs and trying to enforce Unix permissions. You should use one or > the other, not both. > > Oh, and you don't have to use the 'acl' mount option with ext4, it is > one of the 'defaults' > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >Hi Rowland, This Samba 3 server is joined to a Samba 4 AD domain using winbind. Can you elaborate on how I am attempting to enforce UNIX permissions? As far as I am aware, I am only setting the necessary octal bits in order to be able to configure the POSIX ACLs. Thanks, Andrew
Seemingly Similar Threads
- ACLs on Samba share not preserved when copying with Windows Explorer
- ACLs on Samba share not preserved when copying with Windows Explorer
- ACLs on Samba share not preserved when copying with Windows Explorer
- idmap & migration to rfc2307
- idmap & migration to rfc2307