[Samba] Permission problems with samba 2.2.x
Jeremy Allison
jra at samba.org
Wed May 15 18:12:03 GMT 2002
On Wed, May 15, 2002 at 11:22:41AM +0200, Michael Leun wrote:
> Hello,
>
> Sometimes I have to create and use Navision Databases on samba shares - this
> works with samba 2.0.x but does not with samba 2.2.x (tried 2.2.3a and 2.2.4).
>
> The following tests were done with a acl enabeled samba and an acl aware
> kernel/filesystem, but I also have done these tests with acl not compiled into
> samba on an host without acl in the kernel - same result, does not work, same
> error-messages on the w$ side.
>
> When I create the database the acls look like this:
>
> lara:/home/test # getfacl test.fdb
> # file: test.fdb
> # owner: test
> # group: test
> user::r-x
> group::r-x
> mask::rwx
> other::r-x
>
> lara:/var/log/samba # smbcacls //lara/test test.fdb -U test
> INFO: Debug class all level = 0 (pid 18689 from pid 18689)
> Password:
> REVISION:1
> OWNER:LARA\test
> GROUP:LARA\test
> ACL:LARA\test:ALLOWED/0/READ
> ACL:LARA\test:ALLOWED/0/READ
> ACL:everyone:ALLOWED/0/READ
>
> OK, this has created the database RO (or set the permissions to RO after
> creating). Of course I get an permission error if I restart navision.
>
> But when I create a database on an NTFS drive, the Permissions look like this:
>
> lara:/var/log/samba # smbcacls //mleun/c$ test.fdb -U ml
> INFO: Debug class all level = 0 (pid 18714 from pid 18714)
> Password:
> REVISION:1
> OWNER:VORDEFINIERT\Administratoren
> GROUP:MLEUN\Kein
> ACL:everyone:ALLOWED/0/FULL
>
> Did the same thing (except the Path for the database, of course) but get really
> different acls.
>
> OK, lets set the acls on the database-file and try to open...:
>
> lara:/home/test # setfacl -m u::rwx test.fdb
> lara:/home/test # setfacl -m g::rwx test.fdb
> lara:/home/test # setfacl -m o::rwx test.fdb
> lara:/home/test # getfacl test.fdb
> # file: test.fdb
> # owner: test
> # group: test
> user::rwx
> group::rwx
> mask::rwx
> other::rwx
>
> lara:/var/log/samba # smbcacls //lara/test test.fdb -U test
> INFO: Debug class all level = 0 (pid 18730 from pid 18730)
> Password:
> REVISION:1
> OWNER:LARA\test
> GROUP:LARA\test
> ACL:LARA\test:ALLOWED/0/FULL
> ACL:LARA\test:ALLOWED/0/FULL
> ACL:everyone:ALLOWED/0/FULL
>
> Opening the database fails - access denied.
>
> Now the acls look like this:
>
> lara:/home/test # getfacl test.fdb
> # file: test.fdb
> # owner: test
> # group: test
> user::r--
> group::---
> mask::rwx
> other::rwx
>
> lara:/var/log/samba # smbcacls //lara/test test.fdb -U test
> INFO: Debug class all level = 0 (pid 18735 from pid 18735)
> Password:
> REVISION:1
> OWNER:LARA\test
> GROUP:LARA\test
> ACL:LARA\test:ALLOWED/0/O
> ACL:LARA\test:ALLOWED/0/R
> ACL:everyone:ALLOWED/0/FULL
>
>
> If i change owner/group to root.root and make the file o+rwx the access also
> fails - maybe because the attempt to change the acls fails.
>
> Any ideas?
>
> If I should provide logfiles/debugoutput - no problem, please tell me, what
> loglevel/options i should use to produce meaningful results.
>
> Please CC me, I'm not subscribed.
Can you either send me a copy of the database application so I
can try this myself (preferred), or send me a debug level 10 log
from the smbd so I can see how the ACL requests are being interpreted.
Please do this asap as I'd like to ensure this is fixed for 2.2.5.
Thanks,
Jeremy.
More information about the samba
mailing list