[Samba] Default Posix ACLs not honoured

Juergen Beurskens eheidekraut at yahoo.com
Wed Feb 13 16:18:34 GMT 2008


Hi all,

we are experiencing difficulties with posix ACLs using samba 3.0.28 on a
Debian 4.0 etch server.

The goal is to not let the Windows clients manage the ACLs but instead set
the permissions from the Samba server, hence smb.conf says "nt acl support =
no".

Problems arise when I have a directory with default permissions for a named
group, e.g.
# file: ACLTest
# owner: juergen
# group: users
user::rwx
group::rwx
group:msr-systems:r-x
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:msr-systems:r-x
default:mask::rwx
default:other::---

When user juergen creates a file within directory ACLTest I would expect it
to have
user::rw-
group::rwx                      #effective:rw-
group:msr-systems:r-x           #effective:r--
mask::rw-
other::---

But what the files get instead is
user::rw-
group::rw-
group:msr-systems:r-x
mask::rwx
other::rw-


What is Samba doing here?
It can't be the Windows client, because nt acl support is disabled, right?
I mean, when there are no posix ACLs in the file system standard ugo
perms/suid/sgid always behave as you would expect from Linux.

--
Juergen Beurskens






More information about the samba mailing list