[Samba] Problem with invisible folders by using posix ACLs & the
hide unreadable parameter (Samba-3.0.4/Linux)
Thorsten Leiser
t.leiser at gmx.de
Tue May 25 18:53:08 GMT 2004
Hi,
we've got a worse problem with our s.3.0.4 file server. The server is
configured as a domain member server and is running in security=ADS
mode. We use the hide unreadable parameter in conjunction with posix
ACLs to ensure, that our users only see those folders, on which they
have been authorized. With s.2.2.8a everything worked fine. Yesterday we
migrated to s.3.0.4 and have now the following problem:
When a user connects a share by using either the NetBIOS- or DNS-Name of
the samba server, the posix acls on the directory(ies) aren't
interpreted correctly. A user, who normally has necessary rights to
access the directories doesn't see them. The directory(ies) keep
invisible. Enabling or disabling NetBIOS on the Win2k/XP-Clients didn't
help. The only workaround is to connect the share, by using the ip
address of the samba server instead of the server name. Then the
appearance of the folders match exactly as they did under s.2.2.8a. As
far as i could examine (i'm not shure) its seems that only user-acls,
set on the directories, get badly interpreted. If a user is member of
the domain-group, which has positive acls on the directory, he's able to
see and access the directory. Sorry, but the logs didn't help to
isolate the problem.
Our system is a SuSE Linux Standard Server (UnitedLinux 1.0/Kernel
2.4.21-138) running s.3.0.4 built from the s.3.0.4-6 source rpm provided
by sernet. The filesystem for the user data is XFS. By now, i attach the
global-section and the definition of a affected share.
Thank you all for your effort!
[global]
unix charset = ISO8859-15
display charset = ISO8859-15
workgroup = SCHARRNET
realm = SCHARRNET.DE
server string =
security = ADS
password server = maire.scharrnet.de, maitre.scharrnet.de
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
os level = 2
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /data/home/%U
winbind separator = +
strict locking = No
[Rechnungswesen]
comment = Abteilungslaufwerk Rechnungswesen auf %L
path = /data/abt/Rechnungswesen
valid users = 'SCHARRNET+Mandant 001
Scharr_Stuttgart_Buchhaltung', 'SCHARRNET+Mandant 001
Scharr_Stuttgart_Controlling', SCHARRNET+Ad
ministrator
read only = No
create mask = 0660
directory mask = 0770
hide unreadable = Yes
browseable = No
volume = DATA
dos filetimes = Yes
dos filetime resolution = Yes
fake directory create times = Yes
More information about the samba
mailing list