[Samba] Access rights from ACLs not honored when setting file attributes?

Felix Brack (Mailinglist) fb at ltec.ch
Wed Jun 1 10:40:49 MDT 2011


Finally! Many thanks, that did it.

The option 'store dos attributes' was not enabled. After I did enable it 
everything works as expected.

I did just a little research on 3 servers here and this is the result: 
on samba 3.2.5 the problem does not show up if 'store dos attributes' is 
disabled. However on samba 3.5.6 and 3.5.8 this option is definitely 
required for my setup. I must have missed somewhere between samba 
version 3.2.5 and 3.5.6 that this option became mandatory for my kind of 
setup, shame on me.

You saved my weekend which starts right now!

Felix


On 01.06.2011 17:37, TAKAHASHI Motonobu wrote:
> From: "Felix Brack (Mailinglist)"<fb at ltec.ch>
> Date: Wed, 01 Jun 2011 12:31:34 +0200
>
>> This is somewhat a reincarnation of a problem I am facing since
>> upgrading to samba 3.5.6 (3.5.8 is identical).
>
> (snip)
>
>> However using the windows function 'SetFileAttributes' fails in case the
>> user who is connected to the samba server and executes the function is
>> not either the owner of the file/directory or member of the owning group
>> of the file/directory. Therefore it looks like samba is ignoring any ACL
>> entry when using the windows function 'SetFileAttributes'. No matter if
>> there is an ACE granting the proper access right, samba fails.
>
> Can you set file attributes with GUI and is "store dos attributes"
> set?
>
> As far as I examined at Samba 3.5.6, I can manually set attributes.
>
> I accessed with user monyo to test2.doc whose ACL is set as below:
>
> -----
> # getfacl test2.doc
> # file: test2.doc
> # owner: tako
> # group: root
> user::rw-
> group::rw-
> group:aclshare3ro:r-x
> group:aclshare3rw:rwx
> mask::rwx
> other::---
> # id ika
> uid=2018(ika) gid=2030(ika) groups=2030(ika),2005(aclshare3rw)
> -----
>
> My smb.conf is :
> [global]
>    (nothing is defined)
>
> [aclshare3]
>    path = /var/lib/samba/shares/aclshare3
>    writeable = yes
>
>    force group = root
>    inherit permissions = yes
>
>    store dos attributes = yes
>    map archive = no
>    map read only = no
>
> ---
> TAKAHASHI Motonobu<monyo at samba.gr.jp>
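
A check for the setting that resolved this thread, as an added example (not code from the thread or from the Samba project): it parses an smb.conf and lists the shares where 'store dos attributes' is effectively off, with [global] values inherited by shares. The sample file, the `legacy` share and the assumed built-in default of `no` are constructed for illustration; backslash line continuations are not handled.

```python
import re

# Constructed sample: [aclshare3] follows the share quoted in the thread,
# [legacy] is a hypothetical share that never sets the option.
SAMPLE_SMB_CONF = """\
[global]

[aclshare3]
   path = /var/lib/samba/shares/aclshare3
   writeable = yes
   store dos attributes = yes

[legacy]
   path = /srv/legacy
   writeable = yes
"""

TRUE_VALUES = {"yes", "true", "on", "1"}  # boolean spellings smb.conf accepts


def _norm(name):
    # smb.conf parameter names ignore case and embedded whitespace
    return re.sub(r"\s+", "", name).lower()


def parse_smb_conf(text):
    """Return {section: {normalised_param: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[_norm(key)] = value.strip()
    return sections


def shares_without_dos_attrs(text, default="no"):
    """List shares where 'store dos attributes' is effectively off."""
    # `default` is an assumption: the value used when nothing sets the option
    conf = parse_smb_conf(text)
    key = _norm("store dos attributes")
    fallback = conf.get("global", {}).get(key, default)
    return sorted(n for n, p in conf.items() if n != "global"
                  and p.get(key, fallback).lower() not in TRUE_VALUES)
```

Calling `shares_without_dos_attrs(SAMPLE_SMB_CONF)` reports only the `legacy` share.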

