[Samba] ACL misbehavior moving from POSIX ACL -> acl_xattr
wdevie at hrcsb.org
Wed Sep 16 09:18:58 MDT 2009
I had Samba 3.0 running on Debian Lenny configured to use POSIX ACLs on ext3.
They worked fine, or at least as fine as NT -> POSIX mapping ever did. After
testing 3.3 with acl_xattr on using a different machine, I decided to give it a
whirl on the production server. And yes, I know it's experimental.
I defined a share thusly:
vfs objects = acl_xatt
acl map full control = true
inherit acls = yes
map acl inherit = yes
map read only = Permissions
nt acl support = yes
acl group control = true
dos filemode = yes
enable privileges = yes
store dos attributes = yes
This is identical to the setup on the test machine, which worked correctly.
On the production machine, trying to set ACLs via XP's Explorer interface
fails with a permission denied. The log:
set_canon_ace_list: sys_acl_set_file type file failed for file TestDirectory/Test
(Operation not supported).
Having both POSIX ACL and the VFS object turned on produced some interest
results, so last night I unmounted /samba, turned off -o acl, and remounted it.
It now has user_xattr turned on, but -o acl is *off*. Restarted Samba,
everything seemed to work.
In the harsh light of users' morning, it appears that Samba is still trying to
use the POSIX ACL layer to store ACLs, although that's a best guess based on
the error message.
How can I insist that Samba use the vfs object ACL module, instead of the
More information about the samba