Jeremy Allison
2019-Nov-14 22:03 UTC
[Samba] mixing Windows ACL and POSIX ACL shares on one server?
On Fri, Nov 15, 2019 at 10:51:41AM +1300, Andrew Bartlett via samba wrote:> On Thu, 2019-11-14 at 21:45 +0100, Matthias Leopold via samba wrote: > > Hi, > > > > I posted a similar question in 2018 with no answers, so I'll try > > again: > > Is it possible to have shares with Windows ACLs and shares with > > POSIX > > ACLs on the same server (security = user)? Since share permissions > > are > > handled differently for both types of shares I'm not sure if this > > will > > work. I know I could try it out myself, but the question again just > > came > > to my mind and I think there will be clear answer by someone who > > knows. > > Yes, use acl_xattr to store the windows acl if you want that handled > faithfully. The last ACL to be set will win. > > If you set a POSIX ACL then any windows ACL that has been set will be > ignored. If you set a windows ACL on the same file then it will be > translated into posix and also stored. > > So, the idea is that it would 'just work'.Yep, +1 Andrew, that's the way it's meant to work (was designed that way). There might be some tricky corner cases but mostly this is the way most Samba installs use ACLs.
Matthias Leopold
2019-Nov-14 22:29 UTC
[Samba] mixing Windows ACL and POSIX ACL shares on one server?
Am 14.11.19 um 23:03 schrieb Jeremy Allison via samba:> On Fri, Nov 15, 2019 at 10:51:41AM +1300, Andrew Bartlett via samba wrote: >> On Thu, 2019-11-14 at 21:45 +0100, Matthias Leopold via samba wrote: >>> Hi, >>> >>> I posted a similar question in 2018 with no answers, so I'll try >>> again: >>> Is it possible to have shares with Windows ACLs and shares with >>> POSIX >>> ACLs on the same server (security = user)? Since share permissions >>> are >>> handled differently for both types of shares I'm not sure if this >>> will >>> work. I know I could try it out myself, but the question again just >>> came >>> to my mind and I think there will be clear answer by someone who >>> knows. >> >> Yes, use acl_xattr to store the windows acl if you want that handled >> faithfully. The last ACL to be set will win. >> >> If you set a POSIX ACL then any windows ACL that has been set will be >> ignored. If you set a windows ACL on the same file then it will be >> translated into posix and also stored. >> >> So, the idea is that it would 'just work'. > > Yep, +1 Andrew, that's the way it's meant to work (was > designed that way). There might be some tricky corner > cases but mostly this is the way most Samba installs > use ACLs. >thank you. you are all focusing on ACLs, I'm rather sure they will work, my concern is rather management of share permissions. will share_info.tdb (Windows ACL share) work alongside with "valid users" (POSIX ACL share)? Matthias
Andrew Bartlett
2019-Nov-14 23:07 UTC
[Samba] mixing Windows ACL and POSIX ACL shares on one server?
On Thu, 2019-11-14 at 23:29 +0100, Matthias Leopold wrote:> > > thank you. you are all focusing on ACLs, I'm rather sure they will > work, > my concern is rather management of share permissions. will > share_info.tdb (Windows ACL share) work alongside with "valid users" > (POSIX ACL share)? > > MatthiasBoth apply to all clients (one then the other). Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Development and Support, Catalyst IT https://catalyst.net.nz/services/samba
Timothy Brewer
2019-Nov-14 23:09 UTC
[Samba] mixing Windows ACL and POSIX ACL shares on one server?
Matthias, I used setfacl to set POSIX and Ad ACLS. Windows users who are in the appropriate group can manage perms for both. Cheers, Tim On Thu, Nov 14, 2019 at 3:43 PM Matthias Leopold via samba < samba at lists.samba.org> wrote:> > > Am 14.11.19 um 23:03 schrieb Jeremy Allison via samba: > > On Fri, Nov 15, 2019 at 10:51:41AM +1300, Andrew Bartlett via samba > wrote: > >> On Thu, 2019-11-14 at 21:45 +0100, Matthias Leopold via samba wrote: > >>> Hi, > >>> > >>> I posted a similar question in 2018 with no answers, so I'll try > >>> again: > >>> Is it possible to have shares with Windows ACLs and shares with > >>> POSIX > >>> ACLs on the same server (security = user)? Since share permissions > >>> are > >>> handled differently for both types of shares I'm not sure if this > >>> will > >>> work. I know I could try it out myself, but the question again just > >>> came > >>> to my mind and I think there will be clear answer by someone who > >>> knows. > >> > >> Yes, use acl_xattr to store the windows acl if you want that handled > >> faithfully. The last ACL to be set will win. > >> > >> If you set a POSIX ACL then any windows ACL that has been set will be > >> ignored. If you set a windows ACL on the same file then it will be > >> translated into posix and also stored. > >> > >> So, the idea is that it would 'just work'. > > > > Yep, +1 Andrew, that's the way it's meant to work (was > > designed that way). There might be some tricky corner > > cases but mostly this is the way most Samba installs > > use ACLs. > > > > thank you. you are all focusing on ACLs, I'm rather sure they will work, > my concern is rather management of share permissions. will > share_info.tdb (Windows ACL share) work alongside with "valid users" > (POSIX ACL share)? > > Matthias > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- Tim Brewer Field Services Tech - ETS FS region 2 Wyoming Department of Enterprise Technology Services 2020 Grand Ave. Laramie, WY 82070 tim.brewer at wyo.gov website: ets.wyo.gov Support: 307-777-5000 Direct Line: 307-343-3183 Ensuring Wyoming has trailblazing technology to meet tomorrows challenges while delivering the finest in business services today. -- E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties.
Apparently Analagous Threads
- mixing Windows ACL and POSIX ACL shares on one server?
- mixing Windows ACL and POSIX ACL shares on one server?
- mixing Windows ACL and POSIX ACL shares on one server?
- mixing Windows ACL and POSIX ACL shares on one server?
- mixing Windows ACL and POSIX ACL shares on one server?