[Samba] Bizarre - How did windows user setfacl for a file??
samba at byshenk.net
Thu Nov 13 15:32:36 GMT 2008
On Wed, Nov 12, 2008 at 01:46:45AM -0600, David C. Rankin wrote:
> In 8 years, since 2.02 (I think), I have never seen this behavior out of
> samba. I run a stand-alone server with WinXP clients. Somehow a legal assistant
> created (not intentionally mind you) files and directories with ACL attributes set:
> -rwxrwx---+ 1 cyndy ochiltree 21504 2008-10-28 16:48 AUTHORIZATION -
> -rwxrwx---+ 1 cyndy ochiltree 12804 2008-10-28 16:48 AUTHORIZATION -
> drwxrwx---+ 2 cyndy ochiltree 4096 2008-10-29 16:56 Gregg, Joy/
> -rwxrwx---+ 1 cyndy ochiltree 44544 2008-10-28 16:32 POA - BG Contingency New.doc*
> -rwxrwx---+ 1 cyndy ochiltree 48309 2008-10-28 16:31 POA - BG Contingency New.pdf*
> drwxrwx---+ 2 cyndy ochiltree 4096 2008-10-29 16:51 Roper, Buddy/
> What in the heck? I found the setfacl --remove-all
> command that gets rid of this, but I'm still left wondering WTF happened in the
> first place? Moreover, how do I configure samba to make sure this never happens
> again? My config is: [...]
I'm not sure for exactly how long, but Samba has supported extended ACLs
for quite some time (if the underlying OS/filesystem has such support).
To ensure that it is not there, you can either a) build samba without
acl support; or b) disable extended ACLs on the filesystem.
As for why it changed for you, I notice that the default configuration
is now (for Samba-3.2.4, at least)
--with-acl-support Include ACL support (default=auto)
... which I believe means that it will build in ACL support if the
system has it. Perhaps this has changed recently?
greg byshenk - gbyshenk at byshenk.net - Leiden, NL
More information about the samba