[Samba] Re: inherit acls not working

S. J. van Harmelen sander.vanharmelen at isp.solcon.nl
Wed Aug 9 05:02:19 GMT 2006 

Strange enough it seems the other way around?! When I mount with
user_xattr support I get an 'store_inheritable_attributes 
: Error permission denied' in my samba.log, and see that the default
acls aren't inherited.

But when I remount without user_xattr, then everything works fine and
the default acls are inherited without any errors...?!

But I do need the user_xattr for other things. So how can I get this to
work?

Sander


On di, 2006-08-08 at 15:39 +0200, éric le hénaff wrote:
> i think your kernel needs EA (extended attributes) for acls inheritance 
> to work.
> regards
> S. J. van Harmelen a écrit :
> > To my knowledge the 'inherit acls' option should make new files inherit
> > the default acls from the containing folder... Please correct me if I'm
> > wrong!
> > 
> > But when I turn this setting on, it just don't seem to work... In other
> > words, newly created files do not get the default acls from the
> > containing folder...
> > 
> > Please advice anyone... (running Samba 3.0.21b-1 on Debian Sarge)
> > 
> > =====================================================================
> > 
> > [global]
> >         security = ads
> >         password server = server01
> >         encrypt passwords = true
> >         workgroup = workgroup
> >         realm = DOMAIN.LOCAL
> >         netbios name = server
> > 
> >         log file = /var/log/samba/samba.log
> >         log level = 2
> >         syslog = 0
> > 
> >         nt acl support = yes
> > #       map acl inherit = yes
> > 
> >         max mux = 2048
> > 
> >         change notify timeout = 5
> > 
> >         idmap uid = 10000-20000
> >         idmap gid = 10000-20000
> >         winbind enum users = yes
> >         winbind enum groups = yes
> >         winbind nested groups = yes
> >         winbind use default domain = yes
> > 
> > [wwwroot]
> >         comment = wwwroot
> >         path = /usr/home/ws.old/wws01
> >         read only = no
> >         browsable = yes
> >         writable = yes
> >         dos filemode = yes
> >         acl group control = yes
> > 	inherit acls = yes
> >         veto oplock files = /*.mdb/*.MDB/
> >         create mask = 0770
> >         force create mode = 0440
> >         directory mask = 0771
> >         force directory mode = 0771
> >         security mask = 0777
> >         force security mode = 0440
> >         directory security mask = 0777
> >         force directory security mode = 0771
> > 
> > 
> > 
> > 
>

More information about the samba mailing list