[Samba] Issues with acl_xattr module
mitja at mttv.it
mitja at mttv.it
Thu May 30 11:14:31 MDT 2013
Hi all, i'm new in this mailing list, i need some help with a problem i
experience with my samba setup.
I set up a fileserver on top of debian 6 with samba-3.6.6 on an XFS
I tried to use vsf acl_xattr for better windows compatibility and it
seems generally working good, but i experience some strange behavior: I
added two acls with different restrictions one for a user and the other
for a group the user is member of, it seems that the more restrictive
permissions are evaluated.
To reproduce the problem i used a domain user that is member of group1
and that group1 has read-wrire(modify) permissions on the file i want to
write to. As soon as i apply another acl with read-only permission on
the same file for the specified user, i can't write to file anymore.
The very strange thing is that as i try to apply a read only acl to
group and a read write acl to user i can write the file normally.
I dont know if this is some sort of my misconfiguration or wrong
filesystem permision on top of the share i tried many variations
including enabling end disabling acl_xattr:ignore system acls option.
but no change.
Filesystem is XFS and comes with extended attributes enabled. Follows
the global smb.conf and the share definition.
Any help will be appreciated.
workgroup = INTRA
realm = INTRA.COMUNE.TRENTO.IT
server string = File server applicazioni
security = ADS
log file = /var/log/samba/%m-%U.smbd
load printers = No
printcap name = /dev/null
disable spoolss = Yes
local master = No
domain master = No
registry shares = Yes
template shell = /bin/bash
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
idmap config INTRA : range = 10000-99999
idmap config INTRA : backend = rid
idmap config * : range = 1000000-2000000
idmap config * : backend = tdb
hosts allow = 192.168.0.0/255.255.0.0, 10.2.0.0/255.255.0.0
path = /smbmnt/disk_servizi/Servizi/pippo/
read only = no
browseable = No
store dos attributes = Yes
vfs objects = acl_xattr
acl_xattr:ignore system acls = Yes
ea support = Yes
inherit acls = Yes
guest ok = no
available = yes
inherit permissions = yes
map acl inherit = yes
acl map full control = no
More information about the samba