search for: canon_ace

Maybe I'm doing somthing really stupid, but while copying some windows share onto a samba server, on some random subdirectory robocopy says ERROR 87 (0x00000057) Copying NTFS Security to Destination Directory... The samba logfile has lots of these lines. modules/vfs_posixacl.c:349(smb_acl_to_posix) smb_acl_to_posix: ACL is invalid for set (Das Argument ist ung?ltig) The strange thing is

...ed to be the "basename" of a non-directory object? --- I'm researching a bug in the ACL's that causes the first entry of a POSIX ACL in AIX to lose an entry. As you can see the entry for "fogarjoh" is there then gone. [2005/03/11 08:29:54, 10] smbd/posix_acls.c:print_canon_ace_list(590) print_canon_ace_list: canonicalise_acl: ace entries after arrange canon_ace index 0. Type = allow SID = S-1-5-21-1908802895-3536710745-1580887524-7952 uid 3476 (billtest) SMB_ACL_USER_OBJ perms rwx canon_ace index 1. Type = allow SID = S-1-5-21-1908802895-3536710745-1580887524-1001...

... does not work. I use the W2k functionality "synchronize" on my laptop to have up2date synchronized copies of my files both at the laptop and the file server. The file server is a P 200 MHz running RH Linux 9. When on-line the synchronization of files works, except for my swedish letters "???". However when off-line working with my files, then reconnecting to the

...g to add an entry to the ACL. This covers adding an element to the ACL, but not the issue of seeing them, I'm guessing the issues may be related. To cut to the chase, the fatal looking line appears to be the one 3 timestamps from the bottom: [2007/10/30 14:16:53, 3] smbd/posix_acls.c:convert_canon_ace_to_posix_perms(2579) convert_canon_ace_to_posix_perms: Too many ACE entries for file foo.txt to convert to posix perms. This looks suspiciously like it's not actually trying to set the security as an ACL. If it were, I'd expect that it wouldn't be trying to squeeze everything into p...

..._tdb module as a mechanism to support Windows ACLs. We have verified that samba has ACL support enabled, and ACL support works find if we export the share from the local EXT4 filesystem. When trying to add a user ACL from Windows, we get ACCESS_DENIED error, with the following log entries: (set_canon_ace_list) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms rwx [2012/07/03 17:19:29.724227, 10] smbd/posix_acls.c:2757(set_canon_ace_list) canon_ace index 1. Type = allow SID = S-1-5-18 gid 10021 (10021) SMB_ACL_GROUP ace_flags = 0x0 perms rwx [2012/07/03 17:1...

...16:51:22, 10] smbd/posix_acls.c:3369(posix_get_nt_acl) posix_get_nt_acl: called for file withoutgroupperm [2010/10/29 16:51:22, 10] smbd/posix_acls.c:2519(canonicalise_acl) canonicalise_acl: Access ace entries before arrange : [2010/10/29 16:51:22, 10] smbd/posix_acls.c:2532(canonicalise_acl) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms r-x [2010/10/29 16:51:22, 10] smbd/posix_acls.c:2532(canonicalise_acl) canon_ace index 1. Type = allow SID = S-1-22-2-495 gid 495 (apache) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x [2010/10/29 16:51:22, 10] smbd/posix...

...e. > > > >That is not a helpful response to a request for debug info. > > > >Just sayin' :-) :-). > > > > No, it's not. Apologies. > > http://www.cv.nrao.edu/~jmalone/sambalog.txt Looking at that log I see: posix_get_nt_acl: called for file . canon_ace index 0. Type = allow SID = S-1-22-1-0 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 (root) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms r-x S...

...ave this problem with windows 7, with windows XP it works great instead. acls log: ===== [2011/01/27 16:16:53.079114, 10] smbd/posix_acls.c:2605(canonicalise_acl) canonicalise_acl: Default ace entries before arrange : [2011/01/27 16:16:53.079128, 10] smbd/posix_acls.c:2618(canonicalise_acl) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms --- [2011/01/27 16:16:53.079144, 10] smbd/posix_acls.c:2618(canonicalise_acl) canon_ace index 1. Type = allow SID = S-1-2-0 gid 1004 (COMPANY) SMB_ACL_GROUP ace_flags = 0x0 perms rwx <= HER...

...class=acls] ../source3/smbd/posix_a > cls.c:2724(canonicalise_acl) > canonicalise_acl: Access ace entries before arrange : > [2016/11/14 11:32:30.009831, 10, pid=9336, effective(2310, 2049), > real(2310, 0), class=acls] ../source3/smbd/posix_a > cls.c:2737(canonicalise_acl) > canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER > ace_flags = 0x0 perms r-- > [2016/11/14 11:32:30.009858, 10, pid=9336, effective(2310, 2049), > real(2310, 0), class=acls] ../source3/smbd/posix_a > cls.c:2737(canonicalise_acl) > canon_ace index 1. Type = allow SID = S-1-22...

Hello! I have samba share on my sshfs-mounted folder. All works just fine except I can't delete files from sshfs unless they are in 0777 chmodded directory. Even if that files were putted trough smbclient. I can read files, write files (regardless their directory permissions) but not delete them. Here is my share config: [myshare] comment = shre over sshfs path = /home/kli/work/remotes/dev

...n - sorry for my lack of > familiarity with the internals here. I've *never* had issues like > these with Samba before. The token is the list of uids/gids (or SIDs in Windows terms) that this smbd is using to represent the user right now. > However, I see this bit: > > > canon_ace index 0. Type = allow SID = S-1-22-1-0 uid 0 (root) > SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx > canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 (root) > SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x > canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER > ace...

...711345, 10] smbd/posix_acls.c:3412(posix_get_nt_acl) posix_get_nt_acl: called for file test [2012/05/10 14:24:33.711404, 10] smbd/posix_acls.c:2537(canonicalise_acl) canonicalise_acl: Access ace entries before arrange : [2012/05/10 14:24:33.711447, 10] smbd/posix_acls.c:2550(canonicalise_acl) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms r-x [2012/05/10 14:24:33.711496, 10] smbd/posix_acls.c:2550(canonicalise_acl) canon_ace index 1. Type = allow SID = S-1-22-2-512 gid 512 (Domain Admins) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x [2012/05/10 14:24:33.7...

...gs are OK. Also if I use the "write list = @users" I'm able to create files when I'm connected to the share. In the samba logs I can see that the ACL -> UNIX convertion seems fine: gid_to_sid: local 100 -> S-1-22-2-100 canonicalise_acl: Access ace entries before arrange : canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms --- canon_ace index 1. Type = allow SID = S-1-22-2-100 gid 100 (users) SMB_ACL_GROUP perms rw- canon_ace index 2. Type = allow SID = S-1-22-2-1001 gid 1001 (grupo2) SMB_ACL_GROUP_OBJ perms r-x canon_ace index 3. Type = allow SID = S-1-5-...

Hello, Really stumped on this issue. I have samba 4.4.7 running on a new server. Users cannot write to files to which they have write permissions via group. Example: Here's the local filesystem on the samba server. I'm logged in as jmalone : jmalone at canis; cd /home/www.nrao.edu/content/logs/ : jmalone at canis; ls -l total 4 -rw-rw-r-- 1 jmalone nraoweb 0 Nov 10 10:02

...310, 2049), real(2310, 0), class=acls] ../source3/smbd/posix_a cls.c:2724(canonicalise_acl) canonicalise_acl: Access ace entries before arrange : [2016/11/14 11:32:30.009831, 10, pid=9336, effective(2310, 2049), real(2310, 0), class=acls] ../source3/smbd/posix_a cls.c:2737(canonicalise_acl) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms r-- [2016/11/14 11:32:30.009858, 10, pid=9336, effective(2310, 2049), real(2310, 0), class=acls] ../source3/smbd/posix_a cls.c:2737(canonicalise_acl) canon_ace index 1. Type = allow SID = S-1-22-2-9006 gid 9006 (cvwe...

.../02/02 18:34:15, 5] smbd/posix_acls.c:get_nt_acl(2805) get_nt_acl : file ACL absent, directory ACL absent [2015/02/02 18:34:15, 10] smbd/posix_acls.c:canonicalise_acl(2244) canonicalise_acl: Access ace entries before arrange : [2015/02/02 18:34:15, 10] smbd/posix_acls.c:canonicalise_acl(2257) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms r-x [2015/02/02 18:34:15, 10] smbd/posix_acls.c:canonicalise_acl(2257) canon_ace index 1. Type = allow SID = S-1-5-32-545 gid 512 (quickbooksusers) SMB_ACL_GROUP_OBJ perms rwx [2015/02/02 18:34:15, 10] smbd/posix_acls.c:canonicalise_ac...

...sid_from_gid_cache(995) fetch sid from gid cache 1012 -> S-1-5-21-2852544288-689542784-3650984603-3025 [2007/04/02 17:31:10, 10] smbd/posix_acls.c:canonicalise_acl(2205) canonicalise_acl: Access ace entries before arrange : [2007/04/02 17:31:10, 10] smbd/posix_acls.c:canonicalise_acl(2218) canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms --- [2007/04/02 17:31:10, 10] smbd/posix_acls.c:canonicalise_acl(2218) canon_ace index 1. Type = allow SID = S-1-5-21-2852544288-689542784-3650984603-3025 gid 1012 (ensur) SMB_ACL_GROUP perms rwx [2007/04/02 17:31:10, 10] smbd/posix_ac...

Two attached patches for samba 2.2.7a and 3.0-alfa22, that I've made today, fix 3 bugs mentioned in my previous e-mail. 1) For each file in addition to ALLOW ACE proper DENY ACE is created. 2) "Take ownership" is shown DENIED for all except root ACEs 3) Read Permissions and read attributes are always shown as allowed, as they are actually allowed. -- Zhitomirsky

...eck_access_rights) I see that smbd #28398 is the offending process. I'm not sure what the "token" is that I'm looking for. Again - sorry for my lack of familiarity with the internals here. I've *never* had issues like these with Samba before. However, I see this bit: canon_ace index 0. Type = allow SID = S-1-22-1-0 uid 0 (root) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 (root) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms r...

On 11/15/16 7:25 PM, Jeremy Allison wrote: > > The token is the list of uids/gids (or SIDs in Windows terms) > that this smbd is using to represent the user right now. Okay - that makes sense. Thank you. >> >> canon_ace index 0. Type = allow SID = S-1-22-1-0 uid 0 (root) >> SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx >> canon_ace index 1. Type = allow SID = S-1-22-2-0 gid 0 (root) >> SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x >> canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_AC...