Samba and Solaris 2.6 and ACL

David Collier-Brown davecb at canada.sun.com
Thu Apr 20 14:27:21 GMT 2000


Andrew Wilson wrote:
| For us the Solaris ACL is being honoured by Samba but can result in
less
| permissions granted on destination files and directories than the
ACL
| stipulates, eg.
 
| ACL on a parent directory "test" is as follows:-
| mask:rwx
 
| However a file or a sub-directory created beneath "test" will be
granted
| less permissions for user tuser than desired, eg.

| # file: New Microsoft Word Document.doc
| mask:r--

| directories are the same, eg:
| mask:r-x
 
| I have found that this is an interaction with the
| "create mask" and "directory mask" samba parameters. For the
| previous examples my create mask was 0744 and directory mask
| was 0755. If I change the create mask to 0774 and
| directory mask to 0775, I find that the acl is honoured correctly
| and produces files and directories with the correct permissions.

	Thnak you, kind sir! I finally see what is happening.

	The permission bits one sets when creating or
	modifying a file or directory are ***also**
	applied to the acl, so that if I say
	"chmod g-w", all group ACLs get "w" removed.

	To make it easy to revert, the implementation
	uses a mask, which is set by the open, creat
	or chmod call.

	To make a long story short, you look at the "mask"
	entry in the acl to see what the permission bits
	for the grousp are.  If you don't set enough group
	bits in create mask and directory mask, the group
	premissions in the ACLs are reduced.
	Sounds like something for a FAQ...

	Do I ever feel dumb!

--dave
[See also setfcal(1):
     If  you use the chmod(1) command to change  the  file  group
     owner  permissions on a file with ACL entries, both the file
     group owner permissions and the ACL mask are changed to  the
     new  permissions. Be aware that the new ACL mask permissions
     may change the effective permissions  for  additional  users
     and groups who have ACL entries on the file.
]
-- 
David Collier-Brown,  | Always do right. This will gratify some people
185 Ellerslie Ave.,   | and astonish the rest.        -- Mark Twain
Willowdale, Ontario   | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com


More information about the samba mailing list