[Samba] Re: Samba & ACLs?

Fajar Priyanto fajarpri at cbn.net.id
Fri Aug 24 07:08:38 GMT 2007


On Friday 24 August 2007 08:49:34 Chuck Kollars wrote:
> > From: Chuck Kollars <ckollars9 <at> yahoo.com>
> > Subject: Samba & ACLs?
> > Date: 2006-08-19 02:46:45 GMT
> >
> > How exactly do Samba 3.x and ACLs interrelate? ...
> > I started out naively assuming that the *nix
> > uidNumber/gidNumber Samba mapped the end user to
> > would behave exactly the same whether they were a
> > Samba user or were logged on locally. ...
>
> After a year I think I understand well enough to
> answer my own question (of course I may be wrong
> anyway:-): The overdefined term ACL may refer to
> _either_ Windows file permissions (including the NT
> variant) _or_ the Linux/Posix file permissions
> extension. In the Samba context questions about "ACL"s
> can be indeterminate and often elicit answers from the
> other point of view.
>
> At root, Samba does everything in terms of the Windows
> ACL, then maps the result as best it can to *nix
> permissions.
>
> Samba offers a number of configuration options for
> tweaking the way it handles Windows ACLs, including
> some methods that have no exact analogue in the
> Windows world. Samba lets you mash --within limits--
> the *nix permission bits it calculates. Recent
> versions of Samba are pretty good --again within
> limits-- at being compatible with Linux/Posix ACLs and
> assigning a Linux/Posix ACL to every file and folder
> when it's created.
>
> But despite all the possible tweaks, the unchanging
> core is that Samba always calculates the initial *nix
> permissions according to its mapping of permissions
> from the Windows world. So even though most of a
> Linux/Posix ACL may be retained and even honored,
> Samba ignores the  default:user::xxx  and
> default:group::xxx  parts of a  Linux/Posix ACL.
> There's no way to configure Samba so it assigns
> permissions to new files and folders _exactly_ the
> same way a native Linux user would see them.

Hello Chuck, 
Thank you for your persistence and willingness to share your experience. 
Really interesting.

I found an interesting thing too this morning.
I'm using Samba LDAP. I'm setting up a shared directory using ACL:

[root@centos5a profiles]# getfacl profiles/userjauh1/
# file: userjauh1
# owner: userjauh1
# group: root
user::rwx
user:salesjauh1:rwx
group::r-x
mask::rwx
other::r-x


When the XP client logs on as userjauh1 and shares his directory with
salesjauh1, it shows in the Linux ACL:
[root@centos5a profiles]# getfacl userjauh1/New\ Folder
# file: New\040Folder
# owner: userjauh1
# group: w2kfinance
user::rwx
user:salesjauh1:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:salesjauh1:rwx
default:group::---
default:mask::rwx
default:other::---

What do you think?
-- 
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial 
http://linux2.arinet.org
14:08:23 up 2:42, 2.6.20-16-generic GNU/Linux 
Let's use OpenOffice. http://www.openoffice.org
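
Added example (not part of the original messages, and not Samba code): the native Linux/POSIX default-ACL inheritance that Chuck contrasts with Samba's mapping, applied to the default: entries of the "New Folder" getfacl output above. The function names and the create modes passed in are assumptions chosen for illustration.

```python
# Added example: native POSIX.1e default-ACL inheritance, not Samba's mapping.
# SAMPLE holds the default: entries of the "New Folder" getfacl output above.
SAMPLE = """\
# file: New\\040Folder
default:user::rwx
default:user:salesjauh1:rwx
default:group::---
default:mask::rwx
default:other::---
"""

OWNER, MASK, GROUP, OTHER = ("user", ""), ("mask", ""), ("group", ""), ("other", "")

def bits(s):   # "r-x" -> 5
    return sum(v for c, v in zip(s, (4, 2, 1)) if c != "-")

def text(n):   # 5 -> "r-x"
    return "".join(c if n & v else "-" for c, v in zip("rwx", (4, 2, 1)))

def parse_default_acl(getfacl_text):
    """Return {(tag, qualifier): perm_bits} for the default: entries."""
    acl = {}
    for line in getfacl_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments / #effective notes
        if line.startswith("default:"):
            tag, qual, perm = line[len("default:"):].split(":")
            acl[(tag, qual)] = bits(perm[:3])
    return acl

def inherit(default_acl, create_mode):
    """Access ACL a natively created file gets from its parent's default ACL."""
    if OWNER not in default_acl:
        raise ValueError("no default ACL: create_mode & ~umask applies instead")
    acl = dict(default_acl)
    # The mode's group bits limit mask:: when present, otherwise group::.
    group_slot = MASK if MASK in acl else GROUP
    for slot, shift in ((OWNER, 6), (group_slot, 3), (OTHER, 0)):
        acl[slot] &= (create_mode >> shift) & 7   # umask is not consulted
    return acl

def effective(acl):
    """Rights actually granted: mask:: caps named users and all group entries."""
    mask = acl.get(MASK, 7)
    unmasked = (OWNER, OTHER, MASK)
    return {k: text(p if k in unmasked else p & mask) for k, p in acl.items()}
```

Comparing `effective(inherit(parse_default_acl(SAMPLE), 0o666))` with what `getfacl` reports on a file created through the share shows where the two paths diverge.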