[Samba] Set ACLs on Samba share from Windows
Dadoo
samba1.3.dadoo3002 at spamgourmet.com
Wed Sep 1 18:16:00 MDT 2010
On Wed, 01 Sep 2010 23:19:25 +0000, Dadoo wrote:
> On Wed, 01 Sep 2010 20:24:47 +0000, Dadoo wrote:
>> I've also dug into some of the Samba source and discovered the error is
>> coming from a function named "acl_valid", which is called from
>> "smb_acl_to_posix", in the file "vfs_posixacl.c". I'll admit I'm no
>> expert on POSIX ACLs, but I have to wonder if there's a bug in the
>> Linux ACL functions, since "smb_acl_to_posix" uses *only* ACL functions
>> to manipulate the ACL, and someone else in this group said that very
>> same function works on Solaris. Does this work for anyone out there,
>> using a Linux system?
>
> Okay, now I'm getting somewhere. I finally got my source-compiled
> version of Samba (mostly) working, and put in a DEBUG statement that
> calls "acl_to_text", right before the call to "acl_valid". This is what
> I got:
>
> user::rwx
> user::rwx
> user:2001:rwx
> user:2003:rwx
> user:2004:rwx
> user:2005:rwx
> user:2006:rwx
> group::---
> mask::rwx
> other::---
>
> Again, I'm not an ACL expert. Can anyone verify whether or not this is a
> valid ACL?
>
> Thanks
Well, it's not a bug in the Linux POSIX ACL libraries. According to the
man page, it's the occurrence of two "user::rwx" (ACL_USER_OBJ) strings.
In my log output, taken from the "for" loop in "smb_acl_to_posix", you
can see that Samba attaches two ACL_USER_OBJ entries to the ACL, even
though the POSIX rules require exactly one.
Where do I go from here?
===== Log output
Initial ACL is:
Iteration 0: ACL type is USER
Iteration 0: ACL uid is 2001.
ACL after iteration 0 is:
user:2001:rwx
Iteration 1: ACL type is USER_OBJ
ACL after iteration 1 is:
user::rwx
user:2001:rwx
Iteration 2: ACL type is USER
Iteration 2: ACL uid is 2003.
ACL after iteration 2 is:
user::rwx
user:2001:rwx
user:2003:rwx
Iteration 3: ACL type is USER
Iteration 3: ACL uid is 2004.
ACL after iteration 3 is:
user::rwx
user:2001:rwx
user:2003:rwx
user:2004:rwx
Iteration 4: ACL type is USER
Iteration 4: ACL uid is 2005.
ACL after iteration 4 is:
user::rwx
user:2001:rwx
user:2003:rwx
user:2004:rwx
user:2005:rwx
Iteration 5: ACL type is USER
Iteration 5: ACL uid is 2006.
ACL after iteration 5 is:
user::rwx
user:2001:rwx
user:2003:rwx
user:2004:rwx
user:2005:rwx
user:2006:rwx
Iteration 6: ACL type is GROUP_OBJ
ACL after iteration 6 is:
user::rwx
user:2001:rwx
user:2003:rwx
user:2004:rwx
user:2005:rwx
user:2006:rwx
group::---
Iteration 7: ACL type is USER_OBJ
ACL after iteration 7 is:
user::rwx
user::rwx
user:2001:rwx
user:2003:rwx
user:2004:rwx
user:2005:rwx
user:2006:rwx
group::---
Iteration 8: ACL type is OTHER
ACL after iteration 8 is:
user::rwx
user::rwx
user:2001:rwx
user:2003:rwx
user:2004:rwx
user:2005:rwx
user:2006:rwx
group::---
other::---
Iteration 9: ACL type is MASK
ACL after iteration 9 is:
user::rwx
user::rwx
user:2001:rwx
user:2003:rwx
user:2004:rwx
user:2005:rwx
user:2006:rwx
group::---
mask::rwx
other::---
Final ACL is:
user::rwx
user::rwx
user:2001:rwx
user:2003:rwx
user:2004:rwx
user:2005:rwx
user:2006:rwx
group::---
mask::rwx
other::---
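
The rule identified above, as an added example that is not part of the original post and is not Samba code: a Python check of the structural rules in acl_valid(3), run over the ACL text from the DEBUG output. Those rules are exactly one each of ACL_USER_OBJ, ACL_GROUP_OBJ and ACL_OTHER, at most one ACL_MASK (required when named entries exist), and unique qualifiers. The function names are hypothetical.

```python
from collections import Counter

# Copied from the post: acl_to_text output logged just before acl_valid.
LOGGED_ACL = """user::rwx
user::rwx
user:2001:rwx
user:2003:rwx
user:2004:rwx
user:2005:rwx
user:2006:rwx
group::---
mask::rwx
other::---"""

def parse_acl(text):
    """Turn short-text ACL lines into (tag_type, qualifier) pairs."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop getfacl-style comments
        if not line:
            continue
        tag, qualifier, _perms = line.split(":")  # permissions are not checked here
        kind = "ACL_" + tag.upper()
        if tag in ("user", "group") and not qualifier:
            kind += "_OBJ"  # empty qualifier means the owner / owning group
        entries.append((kind, qualifier))
    return entries

def acl_problems(entries):
    """List violations of the acl_valid(3) rules; an empty list means valid."""
    problems = []
    kinds = Counter(kind for kind, _ in entries)
    for required in ("ACL_USER_OBJ", "ACL_GROUP_OBJ", "ACL_OTHER"):
        if kinds[required] != 1:
            problems.append(f"{required}: found {kinds[required]}, need exactly 1")
    if kinds["ACL_MASK"] > 1:
        problems.append(f"ACL_MASK: found {kinds['ACL_MASK']}, at most 1 allowed")
    if (kinds["ACL_USER"] or kinds["ACL_GROUP"]) and kinds["ACL_MASK"] == 0:
        problems.append("ACL_MASK: required when named user/group entries exist")
    dupes = Counter((kind, qual) for kind, qual in entries if qual)
    for (kind, qual), n in dupes.items():
        if n > 1:
            problems.append(f"{kind} {qual}: qualifier appears {n} times")
    return problems

if __name__ == "__main__":
    for problem in acl_problems(parse_acl(LOGGED_ACL)):
        print(problem)
```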