Samba, XFS and NT acls

Siavosh Akhtary s.akhtary at teraport.se
Mon Dec 3 09:31:05 GMT 2001


Dear All,

I wonder if someone could help me with a problem I have on a Linx 
fileserver with Samba 2.2.2, XFS and NT acls.

The situation is like this:

On a SuSE 7.3 distribution the 2.4.14 kernel is patched with XFS 
patches and copiled with support for XFS and acl, as stated on XFS 
project page at SGI. Further all the XFS binaries are installed.

Samba 2.2.2 is configured and compiled with the following 
configuration options:
./configure --prefix=/usr --libdir=/usr/lib/samba \
--with-codepagedir=/usr/share/samba/codepages \
--localstatedir=/var/lib/samba --sbindir=/usr/sbin \
--mandir=/usr/share/man --with-privatedir=/etc/samba \ 
--with-configdir=/etc/samba --with-swatdir=/usr/share/samba/swat \ 
--with-acl-support  --with-quotas


[global]
 netbios name = xxxx
 workgroup = xxxxx
 server string = Samba Server at xxxx
 os level = 64
 preferred master = yes
 domain master = yes
 local master = yes
 security = domain
 encrypt passwords = yes
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 domain logons = yes
 logon drive = H:
 logon home = \\srvmuc1\%u
 logon script = logon.cmd
 #add user script = /usr/sbin/useradd -d /dev/null -g 200 -s 
/bin/false -m %u
 add user script = /usr/share/samba/scripts/addmscomp.sh %u
 hosts allow = 10.10. 10.11 10.12 127.
 log file = /var/log/samba/log.%m
 max log size = 50
 dns proxy = no
#============== Share Definitions ==================
[netlogon]
	  comment = Network Logon Service
        path = /usr/share/samba/netlogon
        writeable = no
        guest ok = yes

[homes]
        comment = Home Directories
        browseable = no
        writable = yes
        nt acl support = yes
        security mask = 0700

[tmp]
   comment = Temporary file space
   path = /tmp
   read only = no
   public = yes

Now everything including Samba acting as PDC works just fine. The 
startup scripts are run and everything is very cool beside file and 
directory permissions :-(

I have a user called "siavosh", who is part of the "users" group.
With this user loged in to an NT 4 SP 6 I create a file on the H: 
drive and of course the permissions will be the as stated under the 
share definition of homes (0700), just to be a quick check at the 
terminal prompt confirms that.

Now in the NT explorer I right click on the file, choose 
properties/security/permissions and add a read permission for the 
group dba to the file and click Apply, OK or whatever.

This works just fine in the NT environment , and also if I do a 
getfacl myfile.txt the correct permissions are there:

# file: myfile.txt
# owner: siavosh
# group: users
group:dba:r--
user::rwx
group::---
other::---
mask::rwx

but if I do check the UNIX file permissions with ls i get the 
following:
# ls -l myfile.txt
-rwxrwx---    1 siavosh  users          15 Nov 30 16:27 myfile.txt

which is not correct, since I did not change the group permissions 
with the chmod.

The funny think is if I try to modify the file with another user in 
the "users" group I get "permission denied, file is read only"

Any ideas?




More information about the samba mailing list