[Samba] Error with ACLs and follow symlinks=no

Tom Dickson tdickson at inostor.com
Wed Nov 17 00:26:22 GMT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Unfortunately I don't know how to set ACLs with smbclient.

What I've got is a Windows 2000 MixedMode domain, and a windows 2000
client. I use the client to set the ACLs:

getfacl A
# file: A
# owner: MIXEDDOMAIN+administrator
# group: MIXEDDOMAIN+Domain Users
user::rwx
group::---
group:MIXEDDOMAIN+A:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:MIXEDDOMAIN+A:rwx
default:mask::rwx
default:other::---

That works fine. (There is a directory B, similar to A above that has
permissions for B). But when User A tries to open directory B, I get the
error.

Note that group A has bobA as a member, group B has bobB.

Here's the smbclient output:

smbclient //localhost/testSMB -U MIXEDDOMAIN+boba
Password:
Domain=[MIXEDDOMAIN] OS=[Unix] Server=[Samba 3.0.8]
smb: \> ls
~  .                                   D        0  Tue Nov 16 16:17:42 2004
~  ..                                  D        0  Tue Nov 16 15:21:11 2004
~  A                                   D        0  Tue Nov 16 15:39:10 2004
~  B                                   D        0  Tue Nov 16 15:39:16 2004
~  A.txt                               R        0  Tue Nov 16 16:17:29 2004
~  B.txt                               R        0  Tue Nov 16 16:17:37 2004

~                56180 blocks of size 2097152. 56176 blocks available
smb: \> cd A
smb: \A\> cd ..
smb: \> cd B
smb: \B\> ls
NT_STATUS_OBJECT_PATH_NOT_FOUND listing \B\\*

~                56180 blocks of size 2097152. 56176 blocks available
smb: \B\>

I'm trying it again with direct users in the ACLs instead of groups.

- -Tom

Jeremy Allison wrote:
| On Tue, Nov 16, 2004 at 04:07:15PM -0800, Tom Dickson wrote:
|
|>-----BEGIN PGP SIGNED MESSAGE-----
|>Hash: SHA1
|>
|>We had 3.0.2a which worked fine. If you tried to open a file that the
|>ACLs wouldn't let you, you'd get access denied. We had follow
|>symlinks=no in smb.conf
|>
|>Now with 3.0.8, and no other changes, we get a message about "The file
|>has moved or otherwise gone away," instead of access denied.
|>
|>And we get this in the log file:
|>
|>[2004/11/16 15:57:25, 1] smbd/vfs.c:reduce_name(896)
|>~  reduce_name: couldn't get realpath for B/*
|>
|>Changing follow symlinks=yes fixed it. Is this a bug? I'd like to use
|>ACLs and follow symlinks=no.
|
|
| What client are you using to open the file ? I'll check this for
| 3.0.10 as I'm currently working in this area. It'd be easiest if
| you could reproduce using smbclient - can you give me an exact
| method to reproduce (paths you're using, acls you have set etc).
|
| Jeremy.
|
| .
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBmpqu2dxAfYNwANIRAhkEAKCWHST/SfgjbW23ynaGnttpgrteEACdEMes
ueN1avkM2RABQGuucvYpIpc=
=7Ccl
-----END PGP SIGNATURE-----


More information about the samba mailing list