What evaluates file perms when ACL's are involved?

Michael Lueck mlueck at lueckdatasystems.com
Thu Mar 23 20:39:13 GMT 2006

Jeremy Allison wrote:

> As I'm employed by Novell, I'd like this to succeed :-). Attached is a
> PhD level paper on how Samba deals with ACLs, in OpenOffice format :-).
> Good luck ! Let us know how it goes !

Well, slow progress (in my opinion) on this client. Implemented a new smb.conf that day based on merging theirs and our standard together, then updated it per your suggestions.

They still get some random "access denied" issues, perms seem fine on the files... sent them a procedure on getting some log level 10 data. They say it seems these files in question can't be deleted 
in this case if the client OS is XP, but it is OK with NT40. Anyway, jury remains out until I see logs from the following / documenting how they followed the procedure I sent. Clean room detail person 
talking! ;-)

However, we have one script that a client uses that causes random "access denied" so I start to wonder if there is maybe some random glitch in the latest code. Since this is our bug, I have a "bit" 
better control over getting logs, etc... I say a "bit" as it is very random that this script will throw the error. I'll pass it along as maybe you have seen static on your radar map, and might have 
input, already have a log 10, who knows... anyway, would just like your feedback.

Our script among other things, is creating a zip file on the Samba server over a drive mapping. InfoZip command line tools (zip.exe) is the exe running at the time. Client OS is Win2K SP4 with all hot 
fixes. This program zips to a temp filename, then renames it once it has successfully completed zipping. Randomly / rarely zip gets "access denied" from the server while it is trying to do the rename. 
Here are the filesystem stats on a completed zip file, temp filenames InfoZip creates always have the exact same details.

# ls -al 20060322.zip
-rw-rw-rw-  1 iserve iserve 183041601 2006-03-22 16:28 20060322.zip

# getfattr -d 20060322.zip
# file: 20060322.zip

# getfacl 20060322.zip
# file: 20060322.zip
# owner: iserve
# group: iserve

And some smb.conf related settings for you...

;New things global to all shares for ACL support...
    map hidden = no
    map system = no
    map archive = no
    store dos attributes = yes

    comment = Shared Application Data Files
    path = /srv/shares/data
    guest ok = no
    read only = no
    create mask = 0666
    directory mask = 0777

I am preping for ACL support, but as of yet no ACL's are being placed on the filesystem by Linux, nor has Samba been told to inherit them or other ACL related settings.

Now, short of me getting a log level 10 in my hands for "access denied" when InfoZip tries to do the rename... does this sound at all familiar?

Michael Lueck
Lueck Data Systems

Remove the upper case letters NOSPAM to contact me directly.

More information about the samba-technical mailing list