[Samba] Permission problems with samba 2.2.x

Michael Leun ml at newton.leun.net
Wed May 15 02:26:02 GMT 2002 

Hello,

Sometimes I have to create and use Navision Databases on samba shares - this
works with samba 2.0.x but does not with samba 2.2.x (tried 2.2.3a and 2.2.4).

The following tests were done with a acl enabeled samba and an acl aware
kernel/filesystem, but I also have done these tests with acl not compiled into
samba on an host without acl in the kernel - same result, does not work, same
error-messages on the w$ side.

When I create the database the acls look like this:

lara:/home/test # getfacl test.fdb
# file: test.fdb
# owner: test
# group: test
user::r-x
group::r-x
mask::rwx
other::r-x

lara:/var/log/samba # smbcacls //lara/test test.fdb -U test
INFO: Debug class all level = 0   (pid 18689 from pid 18689)
Password:
REVISION:1
OWNER:LARA\test
GROUP:LARA\test
ACL:LARA\test:ALLOWED/0/READ
ACL:LARA\test:ALLOWED/0/READ
ACL:everyone:ALLOWED/0/READ

OK, this has created the database RO (or set the permissions to RO after
creating). Of course I get an permission error if I restart navision.

But when I create a database on an NTFS drive, the Permissions look like this:

lara:/var/log/samba # smbcacls //mleun/c$ test.fdb -U ml
INFO: Debug class all level = 0   (pid 18714 from pid 18714)
Password:
REVISION:1
OWNER:VORDEFINIERT\Administratoren
GROUP:MLEUN\Kein
ACL:everyone:ALLOWED/0/FULL

Did the same thing (except the Path for the database, of course) but get really
different acls.

OK, lets set the acls on the database-file and try to open...:

lara:/home/test # setfacl -m u::rwx test.fdb
lara:/home/test # setfacl -m g::rwx test.fdb
lara:/home/test # setfacl -m o::rwx test.fdb
lara:/home/test # getfacl test.fdb
# file: test.fdb
# owner: test
# group: test
user::rwx
group::rwx
mask::rwx
other::rwx

lara:/var/log/samba # smbcacls //lara/test test.fdb -U test
INFO: Debug class all level = 0   (pid 18730 from pid 18730)
Password:
REVISION:1
OWNER:LARA\test
GROUP:LARA\test
ACL:LARA\test:ALLOWED/0/FULL
ACL:LARA\test:ALLOWED/0/FULL
ACL:everyone:ALLOWED/0/FULL

Opening the database fails - access denied.

Now the acls look like this:

lara:/home/test # getfacl test.fdb
# file: test.fdb
# owner: test
# group: test
user::r--
group::---
mask::rwx
other::rwx

lara:/var/log/samba # smbcacls //lara/test test.fdb -U test
INFO: Debug class all level = 0   (pid 18735 from pid 18735)
Password:
REVISION:1
OWNER:LARA\test
GROUP:LARA\test
ACL:LARA\test:ALLOWED/0/O
ACL:LARA\test:ALLOWED/0/R
ACL:everyone:ALLOWED/0/FULL


If i change owner/group to root.root and make the file o+rwx the access also
fails - maybe because the attempt to change the acls fails.

Any ideas?

If I should provide logfiles/debugoutput - no problem, please tell me, what
loglevel/options i should use to produce meaningful results.

Please CC me, I'm not subscribed.

-- 
MfG,


Michael Leun

More information about the samba mailing list