[Samba] (no subject)
Jeremy Allison
jra at samba.org
Thu Apr 14 23:27:50 GMT 2005
On Fri, Apr 15, 2005 at 09:23:13AM +1000, Grant Bigham wrote:
>
> I have an issue with W2K/XP using Folder Redirection to a Samba homes share
> (or any share for that matter). This is only a problem when access for a
> user is via an ACE (ACL) and not the traditional file system permissions.
> So for example (user is test in this example):
> # ls -ld History/
> drwxrwx---+ 3 root root 4096 Apr 12 21:15 History/
> # getfacl History
> # file: History
> # owner: root
> # group: root
> user::rwx
> user:test:rwx
> group::r-x
> group:c-l-management:rwx
> group:q-l-management:rwx
> group:c-l-management (read):r-x
> mask::rwx
> other::---
> default:user::rwx
> default:user:test:rwx
> default:group::r-x
> default:group:c-l-management:rwx
> default:group:q-l-management:rwx
> default:group:c-l-management (read):r-x
> default:mask::rwx
> default:other::---
>
> I have also tried this using the "profile acls = yes" option, but with no
> success (works fine if similar permissions are used for raoming profiles
> tho, as it was designed to do).
>
> It seems that Windows may be trying to set acls on index.dat which seems to
> fail if default (parent) permissions come from ACLs only. Here's an
> indication of this from the samba log:
> [2005/04/12 21:44:55, 2] smbd/posix_acls.c:set_canon_ace_list(2436)
> set_canon_ace_list: sys_acl_set_file failed for file
> k-drive/History/History.IE5/MSHist012005041220050413/index.dat (Operation
> not permitted).
> [2005/04/12 21:44:55, 2] smbd/close.c:close_normal_file(270) DBR05A+cath
> closed file k-drive/History/History.IE5/MSHist012005041220050413/i
> ndex.dat (numopen=3)
>
> Any help would be appreciated. I expect that this may be an Samba issue
> that might need to be looked at by the samba-technical gods.
Can you send me a capture trace and the full debug level 10 log from smbd
please ? Also an ACL dump of the files and directories involved, and the
output from id of the user involved (so I can work out what groups are in
their token).
Thanks,
Jeremy.
More information about the samba
mailing list