[Samba] vfs_acl_xattr doesn't work unless all the inherit and map inherit acl parameters are set to yes, but want to set inherit owner = no

Sabuj Pattanayek sabujp at gmail.com
Wed Aug 20 15:50:47 MDT 2014


I noticed that vfs_acl_xattr doesn't work unless all the inherit and map
inherit acl parameters are set to yes. Which is fine but if I turn off
inherit owner it completely breaks inheritance and security.NTACL never
gets set for the file/directory that's created by the user. I want the uid
of the user who's connected to be written and not the owner of the parent
directory. Is there any way to get vfs_acl_xattr to work with inherit owner
turned off?

Btw, I have a non-standard setup where the server is connected to both ldap
(nslcd) and ad (winbind) since our AD doesn't provide uids. We have lots
of smb/nfs servers operated by various groups so we try to maintain some
sort of consistency for clients by providing the same uid #'s (provided in
ldap) on files, so my smb.conf actually has:

# ldap handles users
winbind enum users  = no
# setting this to no forces samba to use the gid of an equivalently named
# group from ldap with force group on a share, still allows for winbind in
# the nsswitch.conf group line
winbind enum groups = no

# /etc/nsswitch.conf

passwd:     files ldap
group:      files ldap winbind


Thanks,
Sabuj

