[Samba] Samba4 - ACL not applied/followed (worked in samba 3.0.11)
Michal Hajek
Hajek67 at gmail.com
Wed Nov 27 03:57:15 MST 2013
Hi.
samba 4.1.1. User has unix rights for writing, but samba denies write
access to him.
On samba server:
amistest@samba:~$ id
uid=6603(amistest) gid=20(users-nis)
groups=20(users-nis),2108(evis),2109(slp),2112(hernie),2126(poj),2133(hto),20000(users)
-> user amistest is in "poj" group
amistest@samba:~$ ls -ld ACLTEST
drwxrwxr-x+ 2 hrubos vema 4096 Nov 27 11:05 ACLTEST
amistest@samba:~$ getfacl ACLTEST/
# file: ACLTEST
# owner: hrubos
# group: vema
user::rwx
group::rwx
group:poj:rwx
mask::rwx
other::r-x
-> group poj can write in ACLTEST directory
amistest@samba:~$ touch ACLTEST/test
amistest@samba:~$ ls -l ACLTEST
total 4
-rw-rwxr--+ 1 hrubos poj 0 Nov 27 10:54 POKUS
-rw-r--r-- 1 amistest users-nis 0 Nov 27 11:35 test
amistest@samba:~$
-> user amistest can write in ACLTEST directory.
On PC, amistest logged into domain (sorry, it is in Czech):
S:\>dir ACLTEST
Svazek v jednotce S je amistest.
Sériové číslo svazku je EE7A-B776.
Výpis adresáře S:\ACLTEST
27.11.2013 11:03 <DIR> .
04.11.2013 09:52 <DIR> ..
27.11.2013 10:54 0 POKUS
27.11.2013 11:35 0 test
2 souborů, 0 bajtů
Adresářů: 2, Volných bajtů: 200 429 568
-> user amistest sees ACLTEST directory
S:\>net group /domain poj
Požadavek bude zpracován na primárním řadiči domény NIS.
Název skupiny poj
Komentář
Členové
-----------------------------------------------------------------------
amistest .....
Příkaz byl úspěšně dokončen.
-> user amistest is in "poj" group (seen from pc)
S:\>mkdir ACLTEST\testdir
Přístup byl odepřen.
-> user amistest can NOT write into the directory.
Homes section of smb.conf:
[homes]
comment = Home Directories
path = /home/%u
read only = No
create mask = 0700
directory mask = 0700
inherit acls = Yes
browseable = No
root preexec = /usr/local/bin/RPE '%u' 'HOMESHARE'
The same configuration worked in samba 3.0.11.
The questions are:
- how to check that samba 4.1.1 was compiled with acl support (I know it is
default, but...)?
- which parameter for samba 4.1.1 am I missing?
Thanks, Michal
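
An added example, not part of the original post: a Python implementation of the POSIX ACL access check from acl(5), run over the `getfacl` and `id` output quoted in the message, to show which ACL entry decides write access for amistest at the filesystem level. The function names are hypothetical, and users and groups are matched by name only.

```python
import re

# Copied from the post: `getfacl ACLTEST/` and `id`, both run as amistest.
GETFACL = """\
# file: ACLTEST
# owner: hrubos
# group: vema
user::rwx
group::rwx
group:poj:rwx
mask::rwx
other::r-x
"""
ID_OUTPUT = ("uid=6603(amistest) gid=20(users-nis) groups=20(users-nis),"
             "2108(evis),2109(slp),2112(hernie),2126(poj),2133(hto),20000(users)")

def parse_id(text):
    """Return (user name, set of group names) from `id` output."""
    names = re.findall(r"\d+\(([^)]+)\)", text)
    return names[0], set(names[1:])

def parse_getfacl(text):
    """Return (header dict, list of (tag, qualifier, permission set))."""
    header, entries = {}, []
    for line in text.splitlines():
        h = re.match(r"# (owner|group): (.+)", line)
        e = re.match(r"(user|group|mask|other):([^:]*):([rwx-]{3})", line)
        if h:
            header[h.group(1)] = h.group(2).strip()
        elif e:                            # "default:" entries do not affect access
            entries.append((e.group(1), e.group(2), set(e.group(3)) - {"-"}))
    return header, entries

def posix_acl_allows(user, groups, acl_text, wanted):
    """acl(5) access check algorithm; `wanted` is e.g. "w" or "rx"."""
    header, entries = parse_getfacl(acl_text)
    wanted = set(wanted)
    find = lambda tag, q="": next((p for t, n, p in entries if (t, n) == (tag, q)), None)
    mask = find("mask")
    masked = lambda p: p if mask is None else p & mask
    if user == header["owner"]:            # owner entry is never masked
        return wanted <= find("user")
    if find("user", user) is not None:     # named user entry, limited by mask
        return wanted <= masked(find("user", user))
    matching = [masked(p) for t, n, p in entries
                if t == "group" and (n or header["group"]) in groups]
    if matching:                           # one matching group entry must grant all
        return any(wanted <= p for p in matching)
    return wanted <= find("other")
```

`posix_acl_allows(*parse_id(ID_OUTPUT), GETFACL, "w")` returns True through the `group:poj:rwx` entry, which holds only when the process carries the group list that `id` reports.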