[Samba] Inherited ACLs can not be removed on Solaris10 sparc
Eli Kleinman
elik at bhphotovideo.com
Tue Aug 26 00:08:08 GMT 2008
Hi,
I have a problem with the removal of inheritance ACLs of subdirectories.
It almost sounds like only adding ACLs work but removals of inheritance
ACL's not.
By default the access rights (including ACLs) should be inherited, but
it should also be possible to remove the access rights from any
subdirectory.
This is what I am trying to do, I have a share called media with some
users / groups, all permissions from the media share (folder) is in
inherited to any folder created below which works (below), The problem
is when I try to remove access rights using windows XP right click
security tab the remove doesn't work.
[root at host] # getfacl /data1/shared/media
# file: /data1/shared/media
# owner: usera
# group: root
user::rwx
user:userb:rwx #effective:rwx
user:userc:rwx #effective:rwx
group::rwx #effective:rwx
mask:rwx
other:rwx
-------------------------
[root at host] /data1/shared/media # getfacl New\ Folder
# file: New Folder
# owner: usera
# group: groupa
user::rwx
user:userb:rwx #effective:rwx
user:userb:rwx #effective:rwx
group::rwx #effective:rwx
group:root:rwx #effective:rwx
mask:rwx
other:rwx
---------------------
This is what I tried and didn't work, Right click on a folder as usera
click Properties ->tab Security -> select an inheritance user click
remove button, the following will happen the entry disappear as
expected. then clicking the apply button the entry is back in the list,
It looks like something is disallowing the remove of the the inherited
access rights, I have tried the same thing with commend line using
"setfacl -d u:userb::rwx New\ Folder" and it works without a problem, so
I am not sure what I am doing wrong? My smb.conf is below.
Any help is greatly appreciated.
-Eli
-------------------------------
Samba version: 3.0.28 (included with Solaris10 5/08)
Using UFS file system
cat smb.conf
-----------------------------------
[global]
workgroup = organization
netbios name = hosta
realm = DOMAIN.LOCAL
server string = Samba domain (%h)
use kerberos keytab = true
local master = no
domain master = no
guest account = guestacc
security = ADS
host msdfs = yes
log level = 3
max log size = 500
;;;;;;;;;;;;;;;;;;; LDAP Section ;;;;;;;;;;;;;;;;;;;
;enable privileges = yes
ldap admin dn = "cn=samba,ou=profile,dc=bnh,dc=com"
ldap suffix = o=domain.com,dc=domain,dc=com
passdb backend = ldapsam:"ldap://ldap1.bnh.com:389"
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap machine suffix = ou=Hosts
ldap ssl = no
;;;;;;;;;;;;;;;;;;; Printing Section ;;;;;;;;;;;;;;;;;;;
printing = bsd
show add printer wizard = yes
printcap name = /etc/printers.conf
lpq cache time = 30
client use spnego = yes
deadtime = 30
[media]
comment = Media Share
path = /data1/shared/media
writable = yes
create mask = 0777
force create mode = 0777
directory mask = 0777
inherit permissions = Yes
inherit acls = Yes
inherit owner = yes
--
Eli Kleinman
B&H Photo Video, Inc.
420 9TH Avenue
New York, NY 10001 USA
Phone: 212-239-7500 Ext.2154
Email: elik at bhphoto.com
More information about the samba
mailing list