[Samba] ACL problem under FC9

Christos Karaviotis chris at linuxcyprus.org
Tue Apr 28 06:46:29 GMT 2009 

On Fri, March 13, 2009 11:07, Christos Karaviotis wrote:
> On Wed, March 11, 2009 14:26, Adam Tauno Williams wrote:
>>> I am running Samba for some years now (3 years) and had absolutely no
>>> problems.  For the last month on one of the machines the NT ACL stopped
>>> working and everyone have full access everywhere even if they are not
>>> in
>>> the acl.
>>> If I try to add them and restrict them only to read and execute the acl
>>> will show that this is the case but it will have no effect.
>>> I am running Fedora 9 and Samba-3.2.4.  I have done the installation
>>> many
>>> times and this particular one used to work but now it fails.
>>> I have tried to upgrade to 3.2.8 but still the same problem.  I have
>>> remounted the FS with the option (acl) it did it but that did not solve
>>> the problem.
>>
>> If you do a getfacl on the object do you see the ACLs you think you set?
>> --
>> OpenGroupware developer: awilliam at whitemice.org
>> <http://whitemiceconsulting.blogspot.com/>
>> OpenGroupare & Cyrus IMAPd documenation @
>> <http://docs.opengroupware.org/Members/whitemice/wmogag/file_view>
>>
>>
>>
> Well I did that.  Even users that do not exist in that folder's ACL have
> rwx effective permissions.  I am going crazy.  The same exact setup with
> the same permissions on another machine is still working fine.
>
>
> Chris
>
Sorry for the delay

This is my smb.conf

===========================
[global]
        acl map full control = yes
        admin users = user1, at Directors
        socket options = SO_KEEPALIVE TCP_NODELAY SO_SNDBUF=8192
SO_RCVBUF=8192
        force group = Directors
        encrypt passwords = yes
        passdb backend = tdbsam
        nt acl support = yes
        netbios name = Atlas
        server string = Public Folders
        default = Public Folders
        unix password sync = yes
        local master = yes
        workgroup = mydomain
        acl group control = Yes
        os level = 33
        debug level = 10
        security = user
        username map = /etc/samba/smbusers
        winbind enum users = yes
        winbind enum groups = yes
#  Server configuration parameters
[homes]
browsable = no
hide dot files = yes
hide files = /.*
writable = yes
create mask = 765


[Public Folders]
        nt acl support = yes
        acl map full control = yes
        writeable = yes
        inherit acls = yes
        inherit permissions = Yes
        directory mode = 0770
        security mask = 0770
        force security mode = 0770
        path = /usr/local/SHARES
        write list = @Directors, at Administrator
        valid users = user1,user2,user3, at staff, at Directors, at Accounting
        create mode = 770
        user = user1,user2,user3, at staff, at Directors, at Administrator
===========================

More information about the samba mailing list