What evaluates file perms when ACL's are involved?

Michael Lueck mlueck at lueckdatasystems.com
Wed Mar 8 13:02:01 GMT 2006

Jeremy Allison wrote:

> ALL checks are done by the kernel

OK, thus have to contact those developers to seek out any flowchart they might have in understanding how this all works. I mean, though we did not try it yesterday, one thing came to mind that you 
could say userx is the owner/group of the file w/ rwx (native filesystem attr) but then in the acl say that userx has no rwx... "And the result would be?" Those kind of questions.

> If you're absolutely depending on mode bits being correct it's essential
> to stop Samba mapping the DOS attributes into mode bits. Ensure you
> have EA's available on the filesystem and set :
> map hidden = no
> map system = no
> map archive = no
> store dos attributes = yes

OK, will add those to the shares.

We do not have set "nt acl support = yes" but changes made from Windows on the Security tab of a file are showing up on the native Linux file system. So what exactly are we missing by not setting that 

Is "map acl inherit = yes" anything we should be evaluating?

> As I'm employed by Novell, I'd like this to succeed :-). Attached is a
> PhD level paper on how Samba deals with ACLs, in OpenOffice format :-).

Thanks very much, I'll grab OOo and see what is inside.

> Good luck ! Let us know how it goes !

Yes indeed, and thanks for your overnight reply!

Michael Lueck
Lueck Data Systems

Remove the upper case letters NOSPAM to contact me directly.

More information about the samba-technical mailing list