[Samba] acl permissions not staying

Felipe Augusto van de Wiel felipe at paranacidade.org.br
Fri Sep 21 18:44:04 GMT 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Neil Wilson wrote, On 20-09-2007 14:28:
> Hi guys,
> 
> I've got a problem where if I set permissions on a folder(Admin) 
> "setfacl -R -d -m u::rwx,g::wrx,o::- Admin/" and "setfacl -m o:- Admin"
> 
> I get the following.
> 
> mail:/data/samba/shared # getfacl Admin/
> # file: Admin
> # owner: BCP+administrator
> # group: samba
> user::rwx
> user:samba:rwx
> group::rwx
> group:BCP+admin:r-x
> mask::rwx
> other::---
> default:user::rwx
> default:group::rwx
> default:group:BCP+admin:r-x
> default:mask::rwx
> default:other::---
> 
> If I then browse to the share through windows and look at the 
> permissions for "everyone(other)", they have "none" which is what I want.
> I only want the user and group to have rwx on the folder(recursively) 
> and I want everyone to have no access.
>
> If I then go and change any of the permissions through windows eg: 
> adding/removing a group/user etc. then suddenly "everyone(other) gets 
> the following permissions.

	May I suggest that you then stop changing permission
from Windows? :-)   Seriously, it seems like some "default"
of Windows when changing something.


> mail:/data/samba/shared # getfacl Admin/
> # file: Admin
> # owner: BCP+administrator
> # group: samba
> user::rwx
> user:samba:rwx
> group::rwx
> group:BCP+admin:r-x
> mask::rwx
> other::r-x
> default:user::rwx
> default:group::rwx
> default:group:BCP+admin:r-x
> default:mask::rwx
> default:other::r--
> 
> No matter what I do through windows I cant remove access for "everyone" 
> unless I use the setfacl coomand again like above.

	That's strange and it seems more a Windows problem
than a Samba one. Did you tried with other versions with
Windows?  I remember having managed directories under MS
Windows clients without such behaviour. Maybe your
inheriting something from parent folder or some option
from the tool you are using.


> Another thing is that the permissions I'm applying aren't being applied 
> recursively, even though I'm applying them to recursively.
> 
> mail:/data/samba/shared/Admin/Pippa # getfacl Wills/
> # file: Wills
> # owner: BCP+administrator
> # group: samba
> user::rwx
> group::rwx
> other::---
> default:user::rwx
> default:group::rwx
> default:other::---
> 
> Please could someone shed some light here as I'm very baffled.
> Thanks in advance.

	Just to be sure, do you have ACL support compiled in Samba?
We are using ACLs with Samba in Debian etch (4.0), without any
problems and with the expected behaviour.

	Kind regards,
- --
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG9BD0Cj65ZxU4gPQRCP4/AKC4tOCFv/vUh0lw5/QS9Sz9ETf1UQCgyZSt
P7uMp0zvEBtijdOoKA+T6Yc=
=qRTn
-----END PGP SIGNATURE-----

More information about the samba mailing list