[Samba] Problem with POSIX ACL when using SMB2 protocol
Adrian Berlin
gato at rock.com
Mon Oct 8 07:28:46 MDT 2012
Hello,
I'm using Windows Server 2008 R2 and Debian Linux with Samba 3.6.7 and I
have a problem with ACL permissions. When I set max protocol = SMB2 in
smb.conf I am able to traverse through folder "test" as "user1" even if I
set only read permission for "Others". If I set max protocol = NT1, I
cannot traverse through the same folder as "user1" with the same
permissions - read only for "Others".
Why are there differences in ACL behavior when I use the NT1 or SMB2
protocol?
My Samba share is located on an XFS filesystem with mount options
(rw,noatime,nodiratime,attr2,usrquota,grpquota).
In that share I have a folder with the following permissions:
# file: test
# owner: root
# group: root
user::rwx
group::rwx
mask::rwx
other::r--
My smb.conf:
[global]
dos charset = CP852
display charset = UTF8
netbios name = host1
server string = description1
bind interfaces only = Yes
map to guest = Bad Password
obey pam restrictions = Yes
passdb backend = ldapsam:ldap://127.0.0.1:389
guest account = guest
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
lanman auth = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 6000
max protocol = SMB2
enable asu support = Yes
keepalive = 10
socket options = TCP_NODELAY IPTOS_LOWDELAY
printcap cache time = 0
max stat cache size = 1024
domain logons = Yes
os level = 0
local master = No
domain master = No
dns proxy = No
ldap admin dn = "cn=admin,dc=server,dc=local"
ldap suffix = "dc=server,dc=local"
ldap ssl = no
lock directory = /usr/local/samba/var/locks
pid directory = /tmp
usershare path = /usr/local/samba/var/locks/usershares
template homedir = /home/winnt/%D/%U
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
idmap config * : backend = tdb
invalid users = root, whell
create mask = 0777
directory mask = 0777
force unknown acl user = Yes
inherit permissions = Yes
inherit acls = Yes
map acl inherit = Yes
smb encrypt = No
veto files = /:2eFBCLockFolder/.FBCLockFolder/:2eFBCIndex/.FBCIndex/:2eDS_Store/.DS_Store/TheVolumeSettingsFolder/TheFindByContentFolder/Temporary Items/Network Trash Folder/.AppleDB/:2eVolumeIcon.icns/.VolumeIcon.icns/Icon\077/.AppleDouble/.AppleDesktop/desktop.ini/RECYCLER/
map archive = No
store dos attributes = Yes
dos filemode = Yes
[share1]
path = /mnt/share1
valid users = user1
read only = No
case sensitive = No
Best Regards
Adrian Berlin
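
Added example, not part of the original post: a Python evaluation of the POSIX ACL access check against the getfacl output quoted above, showing that an account matching only "other" gets r-- and so lacks the search (x) bit a directory traversal requires. The group name "users" for user1 and the helper names are assumptions; the superuser override is not modelled.

```python
# Constructed sample: the getfacl output for "test" as quoted in the post.
ACL_TEXT = """\
# file: test
# owner: root
# group: root
user::rwx
group::rwx
mask::rwx
other::r--
"""

def parse_acl(text):
    """Return (owner, owning_group, entries); entries are (tag, qualifier, perms)."""
    meta, entries = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            meta[key.strip()] = value.strip()
        elif line:
            tag, qualifier, perms = line.split(":")
            entries.append((tag, qualifier, set(perms.replace("-", ""))))
    return meta["owner"], meta["group"], entries

def effective_perms(text, user, groups):
    """POSIX ACL check order: owner, named user, group entries, other."""
    owner, owning_group, entries = parse_acl(text)

    def find(tag, qualifier=""):
        return [p for t, q, p in entries if t == tag and q == qualifier]

    mask = (find("mask") or [set("rwx")])[0]   # no mask entry: nothing is masked
    if user == owner:
        return find("user")[0]                 # owner entry is never masked
    if find("user", user):
        return find("user", user)[0] & mask
    # An empty qualifier on a group entry means the file's owning group.
    hits = [p for t, q, p in entries if t == "group" and (q or owning_group) in groups]
    if hits:
        # Per-bit view: a bit is available if some matching group entry has it.
        # A group match never falls through to "other".
        return set().union(*hits) & mask
    return find("other")[0]

def allowed(text, user, groups, want):
    """want is 'r' (list names), 'w', or 'x' (search/traverse a directory)."""
    return want in effective_perms(text, user, groups)

if __name__ == "__main__":
    for bit in "rx":   # hypothetical: user1 is only in group "users"
        print("user1", bit, allowed(ACL_TEXT, "user1", ["users"], bit))
```
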