[Samba] vfs_acl_xattr doesn't work unless all the inherit and map inherit acl parameters are set to yes, but want to set inherit owner = no

Rowland Penny rowlandpenny at googlemail.com
Wed Aug 20 16:12:07 MDT 2014


On 20/08/14 22:50, Sabuj Pattanayek wrote:
> I noticed that vfs_acl_xattr doesn't work unless all the inherit and map
> inherit acl parameters are set to yes. Which is fine but if I turn off
> inherit owner it completely breaks inheritance and security.NTACL never
> gets set for the file/directory that's created by the user. I want the uid
> of the user who's connected to be written and not the owner of the parent
> directory. Is there any way to get vfs_acl_xattr to work with inherit owner
> turned off?
>
> Btw, I have a non-standard setup where the server is connected to both ldap
> (nslcd) and ad (winbind) since our AD doesn't provide uids. We have lots
> of smb/nfs servers operated by various groups so we try to maintain some
> sort of consistency for clients by providing the same uid #'s (provided in
> ldap) on files, so my smb.conf actually has:
>
> # ldap handles users
> winbind enum users  = no
> # setting this to no forces samba to use the gid of an equivalently named
> # group from ldap with force group on a share, still allows for winbind in
> # the nsswitch.conf group line
> winbind enum groups = no
>
> # /etc/nsswitch.conf
>
> passwd:     files ldap
> group:      files ldap winbind
>
>
> Thanks,
> Sabuj
Sorry, but you are going to have to give us some more info here, your 
complete (sanitized) smb.conf for a start.

Rowland
