[Samba] Problem with invisible folders by using posix ACLs & the hide unreadable parameter (Samba-3.0.4/Linux)

Thorsten Leiser t.leiser at gmx.de
Tue May 25 18:53:08 GMT 2004


Hi,

we've got a bad problem with our s.3.0.4 file server. The server is 
configured as a domain member server and is running in security=ADS 
mode. We use the hide unreadable parameter in conjunction with POSIX 
ACLs to ensure that our users only see those folders for which they 
have been authorized. With s.2.2.8a everything worked fine. Yesterday we 
migrated to s.3.0.4 and now have the following problem:
When a user connects a share by using either the NetBIOS or DNS name of 
the Samba server, the POSIX ACLs on the directory(ies) aren't 
interpreted correctly. A user who normally has the necessary rights to 
access the directories doesn't see them. The directory(ies) stay 
invisible. Enabling or disabling NetBIOS on the Win2k/XP clients didn't 
help. The only workaround is to connect the share by using the IP 
address of the Samba server instead of the server name. Then the 
appearance of the folders matches exactly what it was under s.2.2.8a. As 
far as I could examine (I'm not sure), it seems that only user ACLs 
set on the directories get badly interpreted. If a user is a member of 
the domain group which has positive ACLs on the directory, he's able to 
see and access the directory. Sorry, but the logs didn't help to 
isolate the problem.
Our system is a SuSE Linux Standard Server (UnitedLinux 1.0/Kernel 
2.4.21-138) running s.3.0.4 built from the s.3.0.4-6 source rpm provided 
by sernet. The filesystem for the user data is XFS. For now, I attach the 
global section and the definition of an affected share.

Thank you all for your effort!

[global]
        unix charset = ISO8859-15
        display charset = ISO8859-15
        workgroup = SCHARRNET
        realm = SCHARRNET.DE
        server string =
        security = ADS
        password server = maire.scharrnet.de, maitre.scharrnet.de
        socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
        os level = 2
        ldap ssl = no
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template homedir = /data/home/%U
        winbind separator = +
        strict locking = No

[Rechnungswesen]
        comment = Abteilungslaufwerk Rechnungswesen auf %L
        path = /data/abt/Rechnungswesen
        valid users = 'SCHARRNET+Mandant 001 Scharr_Stuttgart_Buchhaltung', 'SCHARRNET+Mandant 001 Scharr_Stuttgart_Controlling', SCHARRNET+Administrator
        read only = No
        create mask = 0660
        directory mask = 0770
        hide unreadable = Yes
        browseable = No
        volume = DATA
        dos filetimes = Yes
        dos filetime resolution = Yes
        fake directory create times = Yes
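
An added example, not part of the original post and not Samba's code: the access check described in acl(5), applied to getfacl output, gives the read access a user should have on a directory, which can be compared with what a share using hide unreadable actually shows. The sample ACL, path, user names and group names are constructed.

```python
# Added example: expected read access per acl(5), from getfacl text.
# Constructed sample; the path, users and groups are hypothetical.
SAMPLE_GETFACL = """\
# file: data/abt/Rechnungswesen/Berichte
# owner: root
# group: root
user::rwx
user:alice:rwx\t#effective:r-x
user:bob:---
group::---
group:buchhaltung:r-x
mask::r-x
other::---
"""

def parse_getfacl(text):
    """Return owner, owning group and the access entries as (tag, qualifier, perms)."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            # Drop the "#effective:" comment, keep tag:qualifier:perms.
            tag, qualifier, perms = line.split("#", 1)[0].strip().split(":")[:3]
            acl["entries"].append((tag, qualifier, perms))
    return acl

def can_read(acl, user, groups):
    """Apply the acl(5) access check for read permission."""
    entries = acl["entries"]
    def perms_of(tag, qualifier=""):
        return next((p for t, q, p in entries if t == tag and q == qualifier), None)
    mask = perms_of("mask")
    mask_r = mask is None or "r" in mask
    if user == acl["owner"]:            # owner: user:: entry, mask not applied
        return "r" in perms_of("user")
    named = perms_of("user", user)
    if named is not None:               # named user entry decides, capped by mask
        return "r" in named and mask_r
    matched = [p for t, q, p in entries if t == "group"
               and (q in groups or (q == "" and acl["group"] in groups))]
    if matched:                         # any matching group entry, capped by mask
        return mask_r and any("r" in p for p in matched)
    return "r" in perms_of("other")
```

A named user entry is evaluated before any group entry, so in the sample bob is denied even as a member of buchhaltung, while a user with no named entry gets access through the group.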



