[Samba] System ACL and Samba ACL

[Rowland Penny]

On 31/08/14 07:44, Litel Wang wrote:
> My destination is :/Example(folder) / ITD(folder) / LW(folder) ,user(lw) of group(ITD) can enter and do everything(rwx) in LW(folder),the following is ACL settings On Freebsd:
> -----------------------
> /Example(folder) :
> # owner: root
> # group: wheel
> user::rwx
> group::r-x
> other::r-x
> ---------------------
> /Example(folder) / ITD(folder):
> # owner: root
> # group: wheel
> user::rwx
> group::r-x
> group:ITD:r-x      *****************('rx' for ITD group,please notice that other has 'r' only )
> mask::r-x
> other::r--            *****************(r for other only)
> ------------------------------
> /Example(folder) / ITD(folder) / LW(folder):
> # owner: root
> # group: wheel
> user::rwx
> user:lw:rwx    ***************('rwx' for special user lw)
> group::r-x
> mask::rwx
> other::r--             *****************('r' for other only)
> ----------------------------
> It woks very well when i use ssh-client and it is just the same as the Posix ACL details（group ITD has 'rx' even if  other only has 'r'）。user(lw) can enter /Example(folder) / ITD(folder) and do everything(rwx) in LW(folder).And other user can't enter /Example(folder) / ITD(folder) because no 'x' permittion besides ITD group.
> but when I shared /Example(folder) in samba4 with rw（writable），after login(user lw ) by Windows Neibourhood(Windows xp), I can't  enter Example(folder) / ITD(folder)。
> I guest Samb has  check ITD has only 'r' for other ,so 'ITD' group should have only 'r' and  give up 'x' . Maye I am Wrong with something?
>
> Any suggestions？Thanks.
Yes, give us a bit more info ;-)

I think from reading your post that you are using samba4 as a member 
server (running smbd, nmbd and possibly the winbindd deamons).

Can you post your smb.conf, what OS is samba4 running on, is it joined 
to a domain and if so what is the AD DC.

Rowland