[Samba] modify permissions fail on new file server.

Sharp, Clint clint.sharp at attws.com
Thu Jan 1 22:49:42 GMT 2004


Do you know if Veritas has ACL support on their file system?  I have to
admit that I'm not familiar with Solaris ACL implementation (I don't
know if it's POSIX).  However, the crux of the matter is, firstly, can
you set ACLs (may use the getfacl and setfacl or other commands on
Solaris) to something outside the traditional user, group, other
permissions UNIX defines and see them in the Windows security tab?  If
not, the only thing I've ever been able to do from the Windows ACL
editor is to change permissions on the entries already listed there,
because with no ACL support that's all the permissions UNIX can handle.

Clint

> -----Original Message-----
> From: samba-bounces+clint=typhoon.org at lists.samba.org 
> [mailto:samba-bounces+clint=typhoon.org at lists.samba.org] On 
> Behalf Of Greg
> Sent: Wednesday, December 31, 2003 4:36 PM
> To: samba at lists.samba.org
> Subject: [Samba] modify permissions fail on new file server.
> 
> 
> Hello, 
> 
> I'm using winbindd with samba 3.0.1.  Everything starts up as 
> expected 
> and tests return the expected results (wbinfo and getent).   Files 
> created via windows  clients are create with the proper ownership and 
> group membership.  When I attempt to modify the permissions via the 
> windows security tab (add another group, change ownership for 
> example) 
> I'll get a win pop up saying 'permission denied" and the 
> below out put 
> will be wrote out to the machine.log.  From a unix shell I can change 
> perms over NFS.
> 
> 
>   fetch uid from cache 3041 -> 
> S-1-5-21-861567501-1262210171-1417111838-1275
> [2003/12/31 16:46:07, 3] smbd/dosmode.c:unix_mode(110)
>   unix_mode(VFX/greg-test/foo) returning 0744
> [2003/12/31 16:46:07, 2] smbd/posix_acls.c:set_canon_ace_list(2414)
>   set_canon_ace_list: sys_acl_set_file type file failed for file 
> VFX/greg-test/foo (Operation not supported).
> [2003/12/31 16:46:07, 3] 
> smbd/posix_acls.c:convert_canon_ace_to_posix_perms(2499)
>   convert_canon_ace_to_posix_perms: Too many ACE entries for file 
> VFX/greg-test/foo to convert to posix perms.
> [2003/12/31 16:46:07, 3] smbd/posix_acls.c:set_nt_acl(3140)
>   set_nt_acl: failed to convert file acl to posix permissions 
> for file 
> VFX/greg-test/foo.
> [2003/12/31 16:46:07, 3] smbd/error.c:error_packet(94)
>   error string = Operation not supported
> 
> 
> As the file appears from UNIX:
> drwxr-xr-x    2 greg     Domain Users       96 Dec 31 16:29 foo
> The dir this is in has a mode of 777 and is owned by 'greg'.
> 
> Samba was built with:
> configure --with-ads --with-pam --with-winbind-auth-challenge 
> --with-acl-support --with-winbind  --prefix=/opt/samba
> 
> The physical setup is as such: 
> W2kCLIENTS<---smb--->SAMBA-SERVER<---nfs--->NFS-SERVER===DISKARRAY
> 
> SAMBA-SERVER has 2 interfaces on it,  one samba listens on,  
> the other 
> is used for NFS traffic.
> NFS-SERVER has the physical drives attached to it,  using veritas 
> cluster file system version 3.x
> SAMBA-SERVER mounts the drives under /n/fire/array.  this is also 
> defined within smb.conf.
> 
> My question:  Why can I not change ACL's on the file system?  
> Is there 
> something I can do to correct this?
> I see it mentions to many ACE entries to convert to posix, I used a 
> local XFS file system a while ago and
>  things seemed to work as expected,  but this is no longer an option.
> 
> Thanks for your input,
> greg
> 
> 
> smb.conf:
> 
> [global]
>         workgroup = CDP
>         server string = Render Services %v
>         security = DOMAIN
>         interfaces = eth0
>         encrypt passwords = Yes
>         log level = 1
>         log file = /opt/samba/log/%m.log
>         max log size = 1000
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         os level = 23
>         preferred master = No
>         local master = No
>         domain master = No
>         dns proxy = No
>         idmap uid = 3000-4000
>         idmap gid = 3000-4000
>         winbind use default domain = Yes
>         admin users = @systems
>         hosts allow = 172.16.92., 172.16.93., 172.16.94., 
> 172.16.95., 127.
>         map acl inherit = Yes
> # since we have 2Gs of memory, lets see how this works out. -greg
>         write cache size = 1048576  
>         winbind cache time = 300
>         template homedir = /home/winnt/%D/%U
>         template shell = /bin/tcsh
> 
> 
> [array]
>         path = /n/fire/array
>         read only = No
>         guest ok = Yes
> 
> mount:
> 
> fire:/export/array1 on /n/fire/array type nfs 
> (rw,bg,vers=3,soft,intr,addr=172.16.92.90)
> fire:/export/array2 on /n/fire/array/VFX type nfs 
> (rw,bg,vers=3,soft,intr,addr=172.16.92.90)
> 
> 
> Versions:
> SAMBA-SERVER
> Samba 3.0.1
> kernel 2.4.23-xfs
> NFS-SERVER:
> Solaris9 12-03 sparc
> Veritas 3.5
> Clients:
> NT2k w/ 500 patches.
> 
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 


More information about the samba mailing list