[Samba] permission/acl troubles
Roel van Meer
rolek at alt001.com
Tue Oct 9 14:16:51 GMT 2007
Hi list,
Since I've upgraded from samba 3.0.23c to 3.0.25c my ACL's don't work as
expected anymore. I'm not sure where the problem is, however. The symptoms
are simple: with 3.0.23c, I could grant and revoke user, group and world
write access to and from files in a share. With 3.0.25c, I can't do that
anymore. When I deselect group or world read access and apply the changes,
I don't get an error, but the permissions aren't changed either.
The release notes mention that posix acl support has been moved to a vfs
module, but I'm wondering if the problem I have is there: I'm having trouble
also with the normal permissions of the files.
I compiled samba with --with-acl-support and
--with-static-modules=vfs_posixacl, while setting 'vfs objects = posixacl'
in the config stanza for the specific share, but no luck.
Can anyone give me a clue to a config setting or a piece of virtual dead
tree that I can read?
Thanks a lot.
roel
Some additional info:
---/---
compile options:
./configure \
--enable-cups \
--enable-static=no \
--enable-shared=yes \
--with-fhs \
--with-acl-support \
--with-automount \
--prefix=/usr \
--localstatedir=/var \
--bindir=/usr/bin \
--sbindir=/usr/sbin \
--with-lockdir=/var/cache/samba \
--sysconfdir=/etc \
--with-configdir=/etc/samba \
--with-privatedir=/etc/samba/private \
--with-swatdir=/usr/share/swat \
--with-smbmount \
--with-quotas \
--with-syslog \
--with-utmp \
--with-libsmbclient \
--with-winbind \
--with-ldapsam \
--with-static-modules=vfs_posixacl \
---/---
smb.conf:
[global]
workgroup = DEMO
netbios name = TESTSERVER
server string = testserver
interfaces = 192.168.1.255/24 127.255.255.255/8
bind interfaces only = Yes
hosts allow = 192.168.1. 127.0.0.1
encrypt passwords = Yes
username map = /etc/samba/smbusers
log file = /var/log/samba/samba.log
max log size=350k
max open files = 4000
syslog = 0
domain logons = Yes
logon script = %U.bat
# This is for winNT and possibly win2000
# The profile share is also needed
logon path = \\testserver\%U\.profileNT
# This is for win95 and win98
logon drive = H:
logon home = \\testserver\%U
os level = 254
preferred master = Yes
domain master = Yes
local master = Yes
wins support = Yes
time server = Yes
name resolve order = host wins bcast
passdb backend = ldapsam:ldap://localhost
ldap suffix = dc=example,dc=tld
ldap machine suffix = ou=users
ldap user suffix = ou=users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=admin,dc=example,dc=tld
idmap backend = ldap:ldap://localhost
idmap uid = 10000-20000
idmap gid = 10000-20000
printing = cups
min print space = 1000
vfs objects = posixacl
oplocks = No
level2 oplocks = No
[tv]
path = /tmp/tv
readlist =
validusers = +"Domain Users"
writelist = +"Domain Users"
vfs objects = posixacl
More information about the samba
mailing list