[Samba] ACL set up yet Security Properties not sticking.
greg at fqdn.com
greg at fqdn.com
Mon Jan 16 19:17:24 GMT 2006
Hi,
On a windows client if I attempt to modify the permissions on a file which
resides on a linux server, when I hit "apply or ok" my changes are lost.
Doing it from the unix cli (using setfacl) works as expected and the
changes are not lost.
Yet on windows if I right click - properties - Security. select add, add
a user or group, hit Apply and the user/group I just added is removed.
ACL support is properly configured as far as I am aware on the linux file
server.
any one with any idea as to what I should look at, that would be great,
thanks!
It has been a bummer modifying all the permission change requests by hand.
======================================================
samba is built with ACL support:
smbd -b |grep ACL
HAVE_SYS_ACL_H
HAVE_POSIX_ACLS
======================================================
Kernel has ACL support built in as does the file system:
CONFIG_NFS_ACL=y
CONFIG_NFSD_ACL=y
CONFIG_NFS_ACL_SUPPORT=y
CONFIG_REISERFS_FS_POSIX_ACL=y
CONFIG_FS_POSIX_ACL=y
======================================================
mount returns:
/dev/mapper/VG01-LV01 on /export/exec type reiserfs (rw,acl,user_xattr)
=======================================================
if I modify a files ACL from the command line (local to the server) the
changes stick and are viewable on the windows client:
exec:/export/exec/foobar # getfacl complight.jpg
# file: complight.jpg
# owner: greg
# group: users
user::rw-
group::r-x
group:systems_smb:r-x
mask::rwx
other::---
exec:/export/exec/foobar # setfacl -m user:john:rwx complight.jpg
exec:/export/exec/foobar # getfacl complight.jpg
# file: complight.jpg
# owner: greg
# group: users
user::rw-
user:john:rwx
group::r-x
group:systems_smb:r-x
mask::rwx
other::---
=======================================================
The domain is controled by a samba pdc server running version 3.0.8, all
linux samba servers run in DOMAIN mode.
I'll be glad to provide further information if required.
More information about the samba
mailing list