[Samba] More help on ACL problem please...anyone...anyone...Bueller?

Travis Bullock tbullock at avmax.ca
Mon Jan 24 15:59:40 GMT 2005


Hello,

I am running Fedora Core 2.

Kernel: linux-2.6.5-1.358

Kernel supports ACL:

[root at atlas configs]# grep FS_SECURITY kernel-2.6.5-i686-smp.config
CONFIG_EXT2_FS_SECURITY=y
CONFIG_EXT3_FS_SECURITY=y
CONFIG_XFS_SECURITY=y
CONFIG_DEVPTS_FS_SECURITY=y
[root at atlas configs]# grep XATTR kernel-2.6.5-i686-smp.config
CONFIG_EXT2_FS_XATTR=y
CONFIG_EXT3_FS_XATTR=y
CONFIG_DEVPTS_FS_XATTR=y

Have extended attributes set in /etc/fstab is as follows:

/dev/Goliath/root       /                       ext3    acl,user_xattr  1 1

I have a directory called Planning with ACL permissions assigned via the
setfacl command:

drwxrwx---+  2 root           AVMAX+Planning     4096 Jan 14 09:55 Planning

which looks like this with getfacl:

[root at atlas avamx_shares]# getfacl Planning/
# file: Planning
# owner: root
# group: AVMAX+Planning
user::rwx
group::rwx
group:AVMAX+Domain Users:r--
mask::rwx
other::---

Problem:

If I add my user to the AVMAX+Planning group on my NT DOMAIN PDC there is no
problem. I can browse to the Planning directory via My Network Places.
However if I remove my account from the AVMAX+Planning group and browse to
the Planning directory it prompts me for a password.  Because my account is
by default a member of the AVMAX+Domain Users and I have configured (i
think) the Planning directory ACL to allow read access to the AVMAX+Domain
Users group.....I should be able to browse this directory without being
prompted for a username and password....

QUESTION:  What did I do wrong or not do at all to make the applied ACL
function correctly and allow all users in the AVMAX+Domain Users group read
acces to the Planning samba share?

Cheers,

Travis



More information about the samba mailing list