[Samba] Re: XFS and inherit permissions bug?
initiators at free.fr
initiators at free.fr
Fri Nov 9 14:05:22 GMT 2007
Hello
Here are some more informations.
General infos on my Samba configuration
#######################################
The server is a Debian Etch with distro kernel & Samba package
(2.6.18-5-686 & 3.0.24-6etch4).
Users shell is set to /bin/false, they are only accessing this server
through Samba.
All files are owned by user root (Administrator) and group
smb-Administrators (Domain Admins). The basic rights are rwx for root
and smb-Administrators and nothing for other.
The inherit permissions parameter is set in smb.conf for Administrator
user and Domain Admins group to have access to all the files, the
inherit owner is set to have all files owned by user root, and all
folders are setgid to have all files owned by group smb-Administrators.
The users get their access rights using acls and the inherit acls
parameter is set in smb.conf.
The windows attributes (archive, hidden and system) are stored in
extended attributes.
Reproducing the problem
#######################
In the base dir of one of my shares I have:
root at samba1:~ # ll /srv/samba/data_inf/
total 436
drwxrws---+ 7 root smb-Administrators .
drwxr-xr-x 16 root root ..
drwxrws---+ 11 root smb-Administrators ARCHIVES_INF
drwxrws---+ 5 root smb-Administrators BROUILLON_INF
-rw-rwx---+ 1 root smb-Administrators DCI-INF-L-001-F.xls
drwxrws---+ 10 root smb-Administrators ESPACE_INF
drwxrws---+ 6 root smb-Administrators ESPACE_INF_PUBLIC
drwxrws---+ 2 root smb-Administrators MODELES_INF
root at samba1:~ # getfacl /srv/samba/data_inf/
getfacl: Removing leading '/' from absolute path names
# file: srv/samba/data_inf
# owner: root
# group: smb-Administrators
user::rwx
group::rwx
group:smb-Inf:rwx
group:smb-Bme-Fr:r-x
mask::rwx
other::---
>From a Windows client I create a new dir test1:
root at samba1:~ # ll /srv/samba/data_inf/
total 440
drwxrws---+ 8 root smb-Administrators .
drwxr-xr-x 16 root root ..
drwxrws---+ 11 root smb-Administrators ARCHIVES_INF
drwxrws---+ 5 root smb-Administrators BROUILLON_INF
-rw-rwx---+ 1 root smb-Administrators DCI-INF-L-001-F.xls
drwxrws---+ 10 root smb-Administrators ESPACE_INF
drwxrws---+ 6 root smb-Administrators ESPACE_INF_PUBLIC
drwxrws---+ 2 root smb-Administrators MODELES_INF
drwxrwx---+ 2 root smb-Administrators test1
root at samba1:~ # getfacl /srv/samba/data_inf/test1/
getfacl: Removing leading '/' from absolute path names
# file: srv/samba/data_inf/test1
# owner: root
# group: smb-Administrators
user::rwx
group::rwx
group:smb-Inf:rwx
group:smb-Bme-Fr:r-x
mask::rwx
other::---
The test1 dir is owned by the group smb-Administrators because the . dir
is setgid, but it is not setgid.
>From a Windows client I create a new dir test2 in dir test1:
root at samba1:~ # ll /srv/samba/data_inf/test1/
total 16
drwxrwx---+ 3 root smb-Administrators 18 2007-11-09 14:37 .
drwxrws---+ 8 root smb-Administrators 4096 2007-11-09 14:33 ..
drwxrwx---+ 2 root smb-DomainUsers 6 2007-11-09 14:37 test2
root at samba1:~ # getfacl /srv/samba/data_inf/test1/test2/
getfacl: Removing leading '/' from absolute path names
# file: srv/samba/data_inf/test1/test2
# owner: root
# group: smb-DomainUsers
user::rwx
group::rwx
group:smb-Inf:rwx
group:smb-Bme-Fr:r-x
mask::rwx
other::---
The test2 dir is owned by group smb-DomainUsers (Domain Users) that is
the primary group of all users.
my smb.conf
###########
#======================= Global Settings =======================
[global]
netbios name = data
workgroup = bme-fr
server string = Samba %v
smb ports = 139 445
domain master = yes
preferred master = yes
wins support = yes
name resolve order = wins bcast hosts
time server = yes
interfaces = eth1, lo
bind interfaces only = yes
#### Debugging/Accounting ####
# One logfile per client
log file = /var/log/samba/log.%m
# Minimum logs in syslog, logs go to /var/log/samba/log.{smbd,nmbd}
syslog = 0
log level = 1
max log size = 1000
# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d
####### Authentication #######
security = user
encrypt passwords = true
domain logons = yes
passdb backend = tdbsam
username map = /etc/samba/smbusers
guest account = nobody
map to guest = bad password
########## Printing ##########
disable spoolss = yes
####### File sharing ########
browseable = no
read only = yes
guest ok = no
inherit owner = yes
inherit permissions = yes
inherit acls = yes
map archive = no
map hidden = no
map system = no
store dos attributes = yes
unix charset = utf8
dos charset = 850
############ Misc ############
# Most people will find that this option gives better performance.
# See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/speed.html
# for details
# You may want to add the following on a Linux system:
# SO_RCVBUF=8192 SO_SNDBUF=8192
; socket options = TCP_NODELAY
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#======================= Share Definitions =======================
[IPC$]
comment = IPC$ share
path = /var/cache/samba/ipc
#[homes]
# comment = Home Directories
# read only = no
# path = /srv/samba/homes/%S
# valid users = %S
[netlogon]
comment = Network Logon Service
browseable = yes
; read only = no
path = /srv/samba/netlogon
guest ok = yes
locking = no
#[profiles]
# comment = Profiles Share
# browseable = yes
# read only = no
# path = /srv/samba/profiles
#; profile acls = yes
[data_old]
; comment =
browseable = yes
; read only = no
path = /srv/samba/data_old
[data_inf]
; comment =
browseable = yes
read only = no
path = /srv/samba/data_inf
[data_qua]
; comment =
browseable = yes
read only = no
path = /srv/samba/data_qua
[data_prd]
; comment =
browseable = yes
read only = no
path = /srv/samba/data_prd
[data_comm]
; comment =
browseable = yes
read only = no
path = /srv/samba/data_comm
[data_rd]
; comment =
browseable = yes
read only = no
path = /srv/samba/data_rd
[intra]
; comment =
browseable = yes
read only = no
path = /srv/samba/intra
[data_it]
; comment =
browseable = yes
read only = no
path = /srv/samba/data_it
[dci_image_bank]
; comment =
browseable = yes
read only = no
path = /srv/samba/dci_image_bank
More information about the samba
mailing list