[Samba] Fwd: Re: CIFS Mount Obeying ACLs

steve steve at steve-ss.com
Wed Feb 27 01:34:20 MST 2013

Sorry Andrew, I forgot to send to the list.

-------- Original Message --------
Subject: 	Re: [Samba] CIFS Mount Obeying ACLs
Date: 	Wed, 27 Feb 2013 09:32:48 +0100
From: 	steve <steve at steve-ss.com>
To: 	Andrew Martin <amartin at xes-inc.com>

On 27/02/13 01:03, Andrew Martin wrote:
> Hello,
> I have configured a Samba 3 fileserver (on Ubuntu 12.04) joined to a Samba 4.0.3 (AD) domain. I have configured a number of ACLs for restricting access to directories on the share, which works well when accessing the share from Windows. However, mounting the share from another Linux machine (Ubuntu 12.04) using CIFS does not appear to obey the ACLs (e.g. a user can access files that they should not have permission to access). Checking the kernel, I can see that CONFIG_CIFS_POSIX, CONFIG_CIFS_ACL and CONFIG_CIFS_XATTR are enabled:
> # CONFIG_CIFS_STATS2 is not set
> # CONFIG_CIFS_DEBUG2 is not set
> Any ideas on why the CIFS mount will not obey the ACLs?
> Thanks,
> Andrew
Hi Andrew, hi everyone
4.0.4 git DC and file  server

I'm tearing my hair out on this one too. No matter what I set in
smb.conf or using setfacl on the Linux client, any file created on a
cifs mount is _always_ created 0777.

I see that the default in  smb.conf is:
create  mode = 0777
but even overriding this with:
create mode = 0644
either in [global] or in a separate share,
still produces files with 0777 permissions no matter what.

I really would like to solve this one. Several threads here, on
samba-technical and on my distro list have so far drawn a blank.

More information about the samba mailing list