Samba, XFS and NT acls
Siavosh Akhtary
s.akhtary at teraport.se
Mon Dec 3 09:31:05 GMT 2001
Dear All,
I wonder if someone could help me with a problem I have on a Linux
fileserver with Samba 2.2.2, XFS and NT acls.
The situation is like this:
On a SuSE 7.3 distribution the 2.4.14 kernel is patched with XFS
patches and compiled with support for XFS and acl, as stated on the XFS
project page at SGI. Further, all the XFS binaries are installed.
Samba 2.2.2 is configured and compiled with the following
configuration options:
./configure --prefix=/usr --libdir=/usr/lib/samba \
--with-codepagedir=/usr/share/samba/codepages \
--localstatedir=/var/lib/samba --sbindir=/usr/sbin \
--mandir=/usr/share/man --with-privatedir=/etc/samba \
--with-configdir=/etc/samba --with-swatdir=/usr/share/samba/swat \
--with-acl-support --with-quotas
[global]
netbios name = xxxx
workgroup = xxxxx
server string = Samba Server at xxxx
os level = 64
preferred master = yes
domain master = yes
local master = yes
security = domain
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain logons = yes
logon drive = H:
logon home = \\srvmuc1\%u
logon script = logon.cmd
#add user script = /usr/sbin/useradd -d /dev/null -g 200 -s /bin/false -m %u
add user script = /usr/share/samba/scripts/addmscomp.sh %u
hosts allow = 10.10. 10.11 10.12 127.
log file = /var/log/samba/log.%m
max log size = 50
dns proxy = no
#============== Share Definitions ==================
[netlogon]
comment = Network Logon Service
path = /usr/share/samba/netlogon
writeable = no
guest ok = yes
[homes]
comment = Home Directories
browseable = no
writable = yes
nt acl support = yes
security mask = 0700
[tmp]
comment = Temporary file space
path = /tmp
read only = no
public = yes
Now everything, including Samba acting as PDC, works just fine. The
startup scripts are run and everything is very cool besides file and
directory permissions :-(
I have a user called "siavosh", who is part of the "users" group.
With this user logged in to an NT 4 SP 6 I create a file on the H:
drive and of course the permissions will be the same as stated under the
share definition of homes (0700); just to be sure, a quick check at the
terminal prompt confirms that.
Now in the NT explorer I right click on the file, choose
properties/security/permissions and add a read permission for the
group dba to the file and click Apply, OK or whatever.
This works just fine in the NT environment, and also if I do a
getfacl myfile.txt the correct permissions are there:
# file: myfile.txt
# owner: siavosh
# group: users
group:dba:r--
user::rwx
group::---
other::---
mask::rwx
but if I do check the UNIX file permissions with ls I get the
following:
# ls -l myfile.txt
-rwxrwx--- 1 siavosh users 15 Nov 30 16:27 myfile.txt
which is not correct, since I did not change the group permissions
with the chmod.
The funny thing is if I try to modify the file with another user in
the "users" group I get "permission denied, file is read only".
Any ideas?
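
The getfacl and ls -l output quoted in the message can be reconciled with the POSIX.1e draft ACL rules used by Linux ACLs: once a file carries a mask entry, the middle triplet of ls -l shows the mask, not the owning group's entry. The Python below is an added example, not part of the original post; the function names and the user name "alice" are hypothetical, and the ACL text is the one quoted above.

```python
# Constructed sample: the getfacl output quoted in the post.
GETFACL = """\
# file: myfile.txt
# owner: siavosh
# group: users
group:dba:r--
user::rwx
group::---
other::---
mask::rwx
"""

def parse_getfacl(text):
    """Return (owner, owning_group, entries); entries maps (tag, qualifier) -> set of perms."""
    owner = group = None
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            tag, qualifier, perms = line.split(":")[:3]
            entries[(tag, qualifier)] = set(perms[:3]) - {"-"}
    return owner, group, entries

def fmt(perms):
    return "".join(c if c in perms else "-" for c in "rwx")

def ls_mode(entries):
    """Mode string as ls -l prints it: the group triplet is the mask when one exists."""
    group_class = entries.get(("mask", ""), entries[("group", "")])
    return "-" + fmt(entries[("user", "")]) + fmt(group_class) + fmt(entries[("other", "")])

def allowed(text, user, groups, want):
    """POSIX.1e access check: may `user` (member of the set `groups`) get all of `want`?"""
    owner, owning_group, entries = parse_getfacl(text)
    want = set(want)
    mask = entries.get(("mask", ""), set("rwx"))
    if user == owner:                      # owner entry is never masked
        return want <= entries[("user", "")]
    if ("user", user) in entries:          # named user entry, limited by the mask
        return want <= entries[("user", user)] & mask
    matched = [entries[("group", "")]] if owning_group in groups else []
    matched += [p for (tag, q), p in entries.items() if tag == "group" and q and q in groups]
    if matched:                            # one matching group entry must grant everything
        return any(want <= p & mask for p in matched)
    return want <= entries[("other", "")]
```

When auditing such a share, read the effective rights from getfacl rather than from the ls -l group column, and treat a `+` after the mode string (where ls prints it) as the cue that an ACL is present.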