Modification of ACL using NT breaks default ACL on Solaris

Johannes Tyve Johannes.Tyve at sgu.se
Wed Apr 25 06:49:41 GMT 2001


Directory from Solaris:

jste at sys7:test> getfacl folder/

# file: folder/
# owner: ntsysadm
# group: adb
user::rwx
user:katta:rwx          #effective:rwx
user:jste:rwx           #effective:rwx
user:andlag:rwx         #effective:rwx
group::r-x              #effective:r-x
mask:rwx
other:r-x
default:user::rwx
default:user:katta:rwx
default:user:jste:rwx
default:user:andlag:rwx
default:group::r--
default:mask:r--
default:other:r--

I NT Security / Permissions:

Everyone	Special Access (RX) (R)
SYS7\adb	Special Access (RX) (R)
SYS7\andlag	Special Access (RWX)(R)
SYS7\jste	Special Access (RWX)(R)
SYS7\katta	Special Access (RWX)(R)
SYS7\ntsysadm	Special Access (RWX)(RWX)

Not changing anything, only press OK button

Solaris permissions:

jste at sys7:test> getfacl folder/

# file: folder/
# owner: ntsysadm
# group: adb
user::rwx
user:katta:rwx          #effective:rwx
user:jste:rwx           #effective:rwx
user:andlag:rwx         #effective:rwx
group::r-x              #effective:r-x
mask:rwx
other:r-x
default:user::rwx
default:group::r--
default:mask:r--
default:other:r--

I NT Security / Permissions:

Everyone	Special Access (RX) (R)
SYS7\adb	Special Access (RX) (R)
SYS7\andlag	Special Access (RWX)*(Nothing)
SYS7\jste	Special Access (RWX)*(Nothing)
SYS7\katta	Special Access (RWX)*(Nothing)
SYS7\ntsysadm	Special Access (RWX)(RWX)

My smb.conf (also tested without any security mask / mode):

# Samba config file created using SWAT
# from xxxx (x.x.x.x)
# Date: 2000/01/26 15:48:37

# Global parameters
[global]
        workgroup = XXX
        security = DOMAIN
        encrypt passwords = Yes
        min passwd length = 6
        password server = sgu4 sys4
        username map = /usr/local/samba/lib/users.map
        log file = /var/opt/samba/log/%m
        socket options = TCP_NODELAY
        character set = iso8859-1
        wins server = 10.1.20.104
        security mask = 0777
        force security mode = 00
        directory security mask = 0777
        force directory security mode = 00
        lprm command = /usr/bin/cancel %p-%j

[homes]
        read only = No
        browsable = No


Jeremy Allison wrote:
> 
> Johannes Tyve wrote:
> >
> > The ACL is now changed using security tab on my NT 4.0 Workstation and
> > ronnie is granted full access to the directory but...
> 
> I need to know *exactly* what permissions you specified in
> the NT tab.
> 
> My guess is you're not selecting any default ACL
> from the tab - in which case, exactly as NT does, Samba
> will remove default acls.
> 
> Jeremy.
>




More information about the samba-technical mailing list