[Samba] ACLs with samba

Tom Hallewell hallewellt at rfa.org
Thu Nov 21 21:13:48 GMT 2002


Hi-
I am experiencing some odd behavior with ACLs with winbindd using Samba 2.6
on Debian Woody (kernel version 2.4.18).
1.  I am unable to alter permissions from Win2K clients using the
Properties->Security interface.  Is this normal?  I get the "Unable to save
Permission Changes on new Folder.  Access is denied."  message.  This occurs
with all accounts, both privileged and unprivileged.


2.  Permissions set using
setfacl -m u:DOMAIN\USER:rwx
alter the permissions just fine, but do not show up in the
Properties->Security interface.
If I run
chmod DOMAIN\USER.DOMAIN\USER
it shows up.

The permissions show up correctly if a file or directory is created on the
share from a Win client, but cannot be modified once created, and the ACL
info is not seen.

Is this behavior normal, or am I doing something wrong?

Here is the relevant section of smb.conf:
[SHARE]
   comment = Blah blah
   path = /usr/tmp/share
  valid users = @DOMAIN\Group1 @DOMAIN\Group2
   public = no
   writable = yes
   printable = no
   create mask = 0770
   directory mode = 0770
   force create mode = 0770
   force directory mode = 0770

Here is the output from
getfacl /usr/tmp/share
getfacl: Removing leading '/' from absolute path names
# file: usr/tmp/BUR
# owner: mpgmover
# group: mpgmover
user::rwx
group::rwx
group:DOMAIN\Group1:rwx
group:DOMAIN\Group2:rwx
mask::rwx
other::---

Any input would be appreciated.
Thanks
Tom Hallewell
Radio Free Asia
Washington DC






More information about the samba mailing list