[Samba] ACLS without winbind (but WITH correct user mapping)
Colin Fowler
cfowler at scss.tcd.ie
Fri Jun 22 06:14:15 MDT 2012
On 22/06/12 12:22, steve wrote:
> On 22/06/12 12:50, Colin Fowler wrote:
>> On 22/06/12 11:46, steve wrote:
>>> On 22/06/12 11:41, Colin Fowler wrote:
>>>> On 21/06/12 17:50, Jeremy Allison wrote:
>>>>> On Thu, Jun 21, 2012 at 05:50:45PM +0100, Colin Fowler wrote:
>>>
>>>>
>>>> Am I corect in thinking that this is something that would be
>>>> desireable
>>>> for others and not just me and my rather oddball configuration? For
>>>> people using standalone servers, NSS/LDAP etc and any other places
>>>> where
>>>> winbind is not used, this would be a rather useful feature, no?
>>>>
>>>
>>> Hi Colin, Hi Jeremy
>>> I don't think it's so oddball. We also use nss for our rfc2307
>>> mappings from the S4 directory for Linux clients joined to the domain.
>>> It works perfectly via NFS to Linux but acls on shares on s3fs between
>>> Linux and windows are not quite right.
>>>
>>> Colin: Are you talking about setting an acl on windows and it being
>>> honoured by Linux and vica versa?
>>>
>>> Jeremy: are you saying that acl mappings 'both ways' only work with
>>> winbind?
>>>
>>> If so, a big +1 from me to get the 'both' ways working. Very
>>> desirable. Maybe this will get easier when we can put stuff like
>>> create mode= and force group= in smb.conf.
>>>
>>> Cheers,
>>> Steve
>>
>> Hi Steve, yes, I'd like users to be able to set an ACL in Windows for a
>> domain user and for it to be honoured in Linux for the mapped Unix user.
>> Currently if I set an ACL in Linux for the Unix user, it actually
>> appears correctly in the security dialog box on windows. I just can't
>> set a new ACL from Windows.
>>
>> regards,
>> Colin
>>
>>
>>
>>
> Hi Colin
> That's interesting. I have a bugzilla open on something similar:
>
> https://bugzilla.samba.org/show_bug.cgi?id=8938
>
> So, when a user creates a file, e.g. in his home folder in windows, do
> the acl and permissions appear correct back on the fileserver or when
> the same file is viewed on a Linux client?
>
> Cheers,
> Steve
Hi Steve, I'm running Samba 3.6.5 currently, not 4.0 and I'm running
without winbind· When a user in windows (DOMAIN\bob) creates a file, it
appears on linux as owned by the unix user bob. There's no acls on the
file, just a file with the ownerships of bob and bob's primary group
(staff). If on Linux I add an ACL for the user tom via setfacl, I can
see the user tom in the security list in Windows as (Unix User\tom).
What I can't do is add ACLs from windows.
Colin
More information about the samba
mailing list