[Samba] ACL problem under FC9
Christos Karaviotis
chris at linuxcyprus.org
Tue Apr 28 06:46:29 GMT 2009
On Fri, March 13, 2009 11:07, Christos Karaviotis wrote:
> On Wed, March 11, 2009 14:26, Adam Tauno Williams wrote:
>>> I am running Samba for some years now (3 years) and had absolutely no
>>> problems. For the last month on one of the machines the NT ACL stopped
>>> working and everyone have full access everywhere even if they are not
>>> in
>>> the acl.
>>> If I try to add them and restrict them only to read and execute the acl
>>> will show that this is the case but it will have no effect.
>>> I am running Fedora 9 and Samba-3.2.4. I have done the installation
>>> many
>>> times and this particular one used to work but now it fails.
>>> I have tried to upgrade to 3.2.8 but still the same problem. I have
>>> remounted the FS with the option (acl) it did it but that did not solve
>>> the problem.
>>
>> If you do a getfacl on the object do you see the ACLs you think you set?
>> --
>> OpenGroupware developer: awilliam at whitemice.org
>> <http://whitemiceconsulting.blogspot.com/>
>> OpenGroupare & Cyrus IMAPd documenation @
>> <http://docs.opengroupware.org/Members/whitemice/wmogag/file_view>
>>
>>
>>
> Well I did that. Even users that do not exist in that folder's ACL have
> rwx effective permissions. I am going crazy. The same exact setup with
> the same permissions on another machine is still working fine.
>
>
> Chris
>
Sorry for the delay
This is my smb.conf
===========================
[global]
acl map full control = yes
admin users = user1, at Directors
socket options = SO_KEEPALIVE TCP_NODELAY SO_SNDBUF=8192
SO_RCVBUF=8192
force group = Directors
encrypt passwords = yes
passdb backend = tdbsam
nt acl support = yes
netbios name = Atlas
server string = Public Folders
default = Public Folders
unix password sync = yes
local master = yes
workgroup = mydomain
acl group control = Yes
os level = 33
debug level = 10
security = user
username map = /etc/samba/smbusers
winbind enum users = yes
winbind enum groups = yes
# Server configuration parameters
[homes]
browsable = no
hide dot files = yes
hide files = /.*
writable = yes
create mask = 765
[Public Folders]
nt acl support = yes
acl map full control = yes
writeable = yes
inherit acls = yes
inherit permissions = Yes
directory mode = 0770
security mask = 0770
force security mode = 0770
path = /usr/local/SHARES
write list = @Directors, at Administrator
valid users = user1,user2,user3, at staff, at Directors, at Accounting
create mode = 770
user = user1,user2,user3, at staff, at Directors, at Administrator
===========================
More information about the samba
mailing list