[Samba] Fwd: Re: CIFS Mount Obeying ACLs
Andrew Martin
amartin at xes-inc.com
Wed Feb 27 12:50:28 MST 2013
----- Original Message -----
> From: "steve" <steve at steve-ss.com>
> To: samba at lists.samba.org
> Sent: Wednesday, February 27, 2013 2:34:20 AM
> Subject: [Samba] Fwd: Re: CIFS Mount Obeying ACLs
>
> Sorry Andrew, I forgot to send to the list.
>
>
> -------- Original Message --------
> Subject: Re: [Samba] CIFS Mount Obeying ACLs
> Date: Wed, 27 Feb 2013 09:32:48 +0100
> From: steve <steve at steve-ss.com>
> To: Andrew Martin <amartin at xes-inc.com>
>
>
>
> On 27/02/13 01:03, Andrew Martin wrote:
> > Hello,
> >
> > I have configured a Samba 3 fileserver (on Ubuntu 12.04) joined to
> > a Samba 4.0.3 (AD) domain. I have configured a number of ACLs for
> > restricting access to directories on the share, which works well
> > when accessing the share from Windows. However, mounting the share
> > from another Linux machine (Ubuntu 12.04) using CIFS does not
> > appear to obey the ACLs (e.g. a user can access files that they
> > should not have permission to access). Checking the kernel, I can
> > see that CONFIG_CIFS_POSIX, CONFIG_CIFS_ACL and CONFIG_CIFS_XATTR
> > are enabled:
> > CONFIG_CIFS=m
> > CONFIG_CIFS_STATS=y
> > # CONFIG_CIFS_STATS2 is not set
> > CONFIG_CIFS_WEAK_PW_HASH=y
> > CONFIG_CIFS_UPCALL=y
> > CONFIG_CIFS_XATTR=y
> > CONFIG_CIFS_POSIX=y
> > # CONFIG_CIFS_DEBUG2 is not set
> > CONFIG_CIFS_DFS_UPCALL=y
> > CONFIG_CIFS_FSCACHE=y
> > CONFIG_CIFS_ACL=y
> >
> > Any ideas on why the CIFS mount will not obey the ACLs?
> >
> > Thanks,
> >
> > Andrew
> Hi Andrew, hi everyone
> 4.0.4 git DC and file server
>
> I'm tearing my hair out on this one too. No matter what I set in
> smb.conf or using setfacl on the Linux client, any file created on a
> cifs mount is _always_ created 0777.
>
> I see that the default in smb.conf is:
> create mode = 0777
> but even overriding this with:
> create mode = 0644
> either in [global] or in a separate share,
> still produces files with 0777 permissions no matter what.
>
> I really would like to solve this one. Several threads here, on
> samba-technical and on my distro list have so far drawn a blank.
> Cheers,
> Steve
>
Steve,
My problem is a bit different. I have restricted access on a folder
to all but a single domain group:
$ getfacl testdir
# file: testdir
# owner: 516
# group: users
user::rwx
user:9872:rwx
group::rwx
group:group1:r--
group:group2:rwx
mask::rwx
other::---
Thus, members of group2 should have rwx access to testdir, which they
do when connecting to the share from Windows, but not when mounting
it over CIFS. The CIFS client machine is running Ubuntu 12.04. I have
tried this on Linux clients that are domain members (via winbind) and
those which are not and are just mounting the CIFS share. The behavior
in both cases is the same. Can anyone provide inside into why ACLs are
not being obeyed over CIFS on Linux?
Thanks,
Andrew
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list