[Samba] ACL: some maybe stupid questions

Damir Dezeljin programing at mbss.org
Tue Apr 8 10:32:07 GMT 2003


Hi.

I want to use ACL on my RH-9.0 box (x86), so I got ext3 ACL patch from
http://acl.bestbits.at/ and tried to apply it to the kernel that ships
with RH (2.4.20-8). The patching fails on some vm file so I got a vanila
kernel 2.4.20, apply the patch and compile it. This works fine. Also
RH-9.0 precompiled Samba 2.2.7 works fine with ACL.

I connected to my share with WinXP and do some testing with ACLs. After
setting some permisions I checked in UNIX console what happens and I
got:
----
# ls -ald mydir; getfacl mydir
drwxrwx---    3 PDC\my_user PDC\Domain Users   4096 Apr  8 10:05 mydir

mydir
# file: mydir
# owner: PDC\my_user
# group: PDC\Domain Users
user::rwx
user:PDC\test01:rwx
group::---
mask::rwx
other::---
default:user::rwx
default:user:PDC\test01:rwx
default:group::r--
default:mask::rwx
default:other::r--
----

I don't understand why the directory has rwx permisions for the group - I
removed 'Domain Users' from the security window, however it apears back
with only 'special permision' set (what is this special permision)?

I also removed the Everyone group, however it happens the same thing as
with 'Domain Users'.

What does ACL 'group::---' means ... does this mean that this is the
'default' permision for all groups?

And what is the ACL 'mask::rwx'?

What means ACLs that starts with 'default:'?

Can I set inheritance somehow? << I want to force read permisions for a
certain group on all directories and subdirectories (this group will not
be a Domain group - I will add it localy on samba server)?

How you backup such shares (I don't want to use star ... is there any
tree-walk script that colects all ACLs and add them to the database for
later use or do I have to implement such a script?).

Regards,
Dezo



More information about the samba mailing list