[Samba] Set ACLs on Samba share from Windows

Dadoo samba1.3.dadoo3002 at spamgourmet.com
Wed Sep 1 18:16:00 MDT 2010


On Wed, 01 Sep 2010 23:19:25 +0000, Dadoo wrote:

> On Wed, 01 Sep 2010 20:24:47 +0000, Dadoo wrote:
>> I've also dug into some of the Samba source and discovered the error is
>> coming from a function named "acl_valid", which is called from
>> "smb_acl_to_posix", in the file "vfs_posixacl.c". I'll admit I'm no
>> expert on POSIX ACLs, but I have to wonder if there's a bug in the
>> Linux ACL functions, since "smb_acl_to_posix" uses *only* ACL functions
>> to manipulate the ACL, and someone else in this group said that very
>> same function works on Solaris. Does this work for anyone out there,
>> using a Linux system?
> 
> Okay, now I'm getting somewhere. I finally got my source-compiled
> version of Samba (mostly) working, and put in a DEBUG statement that
> calls "acl_to_text", right before the call to "acl_valid". This is what
> I got:
> 
>     user::rwx
>     user::rwx
>     user:2001:rwx
>     user:2003:rwx
>     user:2004:rwx
>     user:2005:rwx
>     user:2006:rwx
>     group::---
>     mask::rwx
>     other::---
> 
> Again, I'm not an ACL expert. Can anyone verify whether or not this is a
> valid ACL?
> 
> Thanks

Well, it's not a bug in the Linux POSIX ACL libraries. According to the 
man page, it's the occurrence of two "user::rwx" (ACL_USER_OBJ) strings. 
In my log output, taken from the "for" loop in "smb_acl_to_posix", you 
can see that Samba attaches two ACL_USER_OBJ entries to the ACL, even 
though the POSIX rules require exactly one.

Where do I go from here?


===== Log output

    Initial ACL is:
    Iteration 0: ACL type is USER
    Iteration 0: ACL uid is 2001.
    ACL after iteration 0 is:
        user:2001:rwx

    Iteration 1: ACL type is USER_OBJ
    ACL after iteration 1 is:
        user::rwx
        user:2001:rwx

    Iteration 2: ACL type is USER
    Iteration 2: ACL uid is 2003.
    ACL after iteration 2 is:
        user::rwx
        user:2001:rwx
        user:2003:rwx

    Iteration 3: ACL type is USER
    Iteration 3: ACL uid is 2004.
    ACL after iteration 3 is:
        user::rwx
        user:2001:rwx
        user:2003:rwx
        user:2004:rwx

    Iteration 4: ACL type is USER
    Iteration 4: ACL uid is 2005.
    ACL after iteration 4 is:
        user::rwx
        user:2001:rwx
        user:2003:rwx
        user:2004:rwx
        user:2005:rwx

    Iteration 5: ACL type is USER
    Iteration 5: ACL uid is 2006.
    ACL after iteration 5 is:
        user::rwx
        user:2001:rwx
        user:2003:rwx
        user:2004:rwx
        user:2005:rwx
        user:2006:rwx

    Iteration 6: ACL type is GROUP_OBJ
    ACL after iteration 6 is:
        user::rwx
        user:2001:rwx
        user:2003:rwx
        user:2004:rwx
        user:2005:rwx
        user:2006:rwx
        group::---

    Iteration 7: ACL type is USER_OBJ
    ACL after iteration 7 is:
        user::rwx
        user::rwx
        user:2001:rwx
        user:2003:rwx
        user:2004:rwx
        user:2005:rwx
        user:2006:rwx
        group::---

    Iteration 8: ACL type is OTHER
    ACL after iteration 8 is:
        user::rwx
        user::rwx
        user:2001:rwx
        user:2003:rwx
        user:2004:rwx
        user:2005:rwx
        user:2006:rwx
        group::---
        other::---

    Iteration 9: ACL type is MASK
    ACL after iteration 9 is:
        user::rwx
        user::rwx
        user:2001:rwx
        user:2003:rwx
        user:2004:rwx
        user:2005:rwx
        user:2006:rwx
        group::---
        mask::rwx
        other::---

    Final ACL is:
        user::rwx
        user::rwx
        user:2001:rwx
        user:2003:rwx
        user:2004:rwx
        user:2005:rwx
        user:2006:rwx
        group::---
        mask::rwx
        other::---
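
The acl_valid(3) rules the message refers to, written out as a stand-alone checker and run on the final ACL from the log (an added example, not part of the original post and not Samba or libacl code). `check_acl_text` and the `V_*` result codes are names made up for this illustration, and it assumes short-text entries with numeric qualifiers, as in the log output.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Result codes are this example's own (hypothetical), not libacl's. */
enum { V_OK, V_USER_OBJ, V_GROUP_OBJ, V_OTHER, V_MASK, V_DUP_ID, V_SYNTAX };

/* Apply the acl_valid(3) rules to a short-text ACL, one entry per line.
   Assumes numeric qualifiers, as in the log output above. */
int check_acl_text(const char *text)
{
    int user_obj = 0, group_obj = 0, other = 0, mask = 0, n[2] = {0, 0};
    long ids[2][64];                 /* [0] named users, [1] named groups */
    for (const char *line = text; *line; ) {
        const char *end = strchr(line, '\n');
        if (!end) end = line + strlen(line);
        while (line < end && (*line == ' ' || *line == '\t')) line++;
        if (line < end) {
            const char *c1 = memchr(line, ':', (size_t)(end - line));
            const char *c2 = c1 ? memchr(c1 + 1, ':', (size_t)(end - c1 - 1)) : NULL;
            if (!c2) return V_SYNTAX;
            size_t len = (size_t)(c1 - line);
            int is_user = len == 4 && !strncmp(line, "user", 4);
            int is_group = len == 5 && !strncmp(line, "group", 5);
            if (c2 == c1 + 1) {      /* empty qualifier: *_OBJ, mask or other */
                if (is_user) user_obj++;
                else if (is_group) group_obj++;
                else if (len == 4 && !strncmp(line, "mask", 4)) mask++;
                else if (len == 5 && !strncmp(line, "other", 5)) other++;
                else return V_SYNTAX;
            } else if (is_user || is_group) {
                long id = strtol(c1 + 1, NULL, 10);
                for (int i = 0; i < n[is_group]; i++)     /* ids must be unique */
                    if (ids[is_group][i] == id) return V_DUP_ID;
                if (n[is_group] == 64) return V_SYNTAX;   /* example's own limit */
                ids[is_group][n[is_group]++] = id;
            } else return V_SYNTAX;
        }
        line = *end ? end + 1 : end;
    }
    if (user_obj != 1) return V_USER_OBJ;    /* required entries: exactly one each */
    if (group_obj != 1) return V_GROUP_OBJ;
    if (other != 1) return V_OTHER;
    if (mask > 1 || (mask == 0 && n[0] + n[1] > 0)) return V_MASK;
    return V_OK;
}
/* Final ACL copied from the log above, and the same ACL with one user:: entry. */
static const char LOGGED[] = "user::rwx\nuser::rwx\nuser:2001:rwx\nuser:2003:rwx\n"
    "user:2004:rwx\nuser:2005:rwx\nuser:2006:rwx\ngroup::---\nmask::rwx\nother::---\n";
static const char *FIXED = LOGGED + 10;      /* skips the first "user::rwx\n" */
int main(void) { printf("%d %d\n", check_acl_text(LOGGED), check_acl_text(FIXED)); return 0; }
```
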


