Modification of ACL using NT breaks default ACL on Solaris
Johannes Tyve
Johannes.Tyve at sgu.se
Wed Apr 25 06:49:41 GMT 2001
Directory from Solaris:
jste at sys7:test> getfacl folder/
# file: folder/
# owner: ntsysadm
# group: adb
user::rwx
user:katta:rwx #effective:rwx
user:jste:rwx #effective:rwx
user:andlag:rwx #effective:rwx
group::r-x #effective:r-x
mask:rwx
other:r-x
default:user::rwx
default:user:katta:rwx
default:user:jste:rwx
default:user:andlag:rwx
default:group::r--
default:mask:r--
default:other:r--
I NT Security / Permissions:
Everyone Special Access (RX) (R)
SYS7\adb Special Access (RX) (R)
SYS7\andlag Special Access (RWX)(R)
SYS7\jste Special Access (RWX)(R)
SYS7\katta Special Access (RWX)(R)
SYS7\ntsysadm Special Access (RWX)(RWX)
Not changing anything, only press OK button
Solaris permissions:
jste at sys7:test> getfacl folder/
# file: folder/
# owner: ntsysadm
# group: adb
user::rwx
user:katta:rwx #effective:rwx
user:jste:rwx #effective:rwx
user:andlag:rwx #effective:rwx
group::r-x #effective:r-x
mask:rwx
other:r-x
default:user::rwx
default:group::r--
default:mask:r--
default:other:r--
I NT Security / Permissions:
Everyone Special Access (RX) (R)
SYS7\adb Special Access (RX) (R)
SYS7\andlag Special Access (RWX)*(Nothing)
SYS7\jste Special Access (RWX)*(Nothing)
SYS7\katta Special Access (RWX)*(Nothing)
SYS7\ntsysadm Special Access (RWX)(RWX)
My smb.conf (also tested without any security mask / mode):
# Samba config file created using SWAT
# from xxxx (x.x.x.x)
# Date: 2000/01/26 15:48:37
# Global parameters
[global]
workgroup = XXX
security = DOMAIN
encrypt passwords = Yes
min passwd length = 6
password server = sgu4 sys4
username map = /usr/local/samba/lib/users.map
log file = /var/opt/samba/log/%m
socket options = TCP_NODELAY
character set = iso8859-1
wins server = 10.1.20.104
security mask = 0777
force security mode = 00
directory security mask = 0777
force directory security mode = 00
lprm command = /usr/bin/cancel %p-%j
[homes]
read only = No
browsable = No
Jeremy Allison wrote:
>
> Johannes Tyve wrote:
> >
> > The ACL is now changed using security tab on my NT 4.0 Workstation and
> > ronnie is granted full access to the directory but...
>
> I need to know *exactly* what permissions you specified in
> the NT tab.
>
> My guess is you're not selecting any default ACL
> from the tab - in which case, exactly as NT does, Samba
> will remove default acls.
>
> Jeremy.
>
More information about the samba-technical
mailing list