SOLUTION - Re: [Samba] Cannot delete files from samba share

Adam Nielsen adam.nielsen at uq.edu.au
Mon Jun 5 07:55:47 GMT 2006 

> In Samba, I can create a file in his directory (which tells me the
> acl's are working) and I can edit it and save it as well.  However, I
> cannot rename it or delete it.

Okay, I think I've finally got a solution to this - and it's not a bug
in Samba ;-)

The problem (for me at least) was that even though it *looks* like ACLs
are being enabled, if you look closely at 'configure', they're not:

  ./configure --with-acl-support

  checking whether to support ACLs...
  checking for getxattr in -lattr... yes
  checking for acl_get_file in -lacl... no
  checking for ACL support... no

That last line indicates that Samba isn't actually using ACLs.  Perhaps
the kernel is partially implementing the ACLs, which is why sometimes
it seems to work.

The problem was that 'libacl' doesn't seem to install itself properly,
and my distro shipped with the incomplete install.  In order to fix it
I had to make a new symlink to the library:

  $ cd /lib
  $ ln -s libacl.so.1.1.0 libacl.so
  $ ldconfig

Which fixed the "-lacl" problem with configure (now that it could
find libacl), and then I had to install the missing acl header.

  $ cd acl-2.2.34
  $ mkdir /usr/include/acl
  $ cp include/acl.h /usr/include/acl/
  $ cp include/acl.h /usr/include/sys/

I downloaded the acl-2.2.34 package from here:

  ftp://oss.sgi.com/projects/xfs/cmd_tars

(or follow the links from http://acl.bestbits.at/ - libacl is
distributed alongside XFS, so you'll need to go via the XFS site.)

This made the acl.h file available and configure could find it:

  checking whether to support ACLs...
  checking for getxattr in -lattr... yes
  checking for acl_get_file in -lacl... yes             
  checking for ACL support... yes                       
  Using posix ACLs

And at last the permissions seemed to behave more like I expected them
to.  I still couldn't delete the file I was trying to delete, but now I
can no longer edit it or create new files in the directory, so be
careful of the increased restrictions once your ACLs are fully enforced!

If this works for you, please post back to the list as I'm keen to know
if it helps anyone.

Cheers,
Adam.

More information about the samba mailing list