[Samba] setfacl: Option -m: Invalid argument near character 3

Rowland Penny rowlandpenny at googlemail.com
Fri Dec 19 02:24:19 MST 2014


On 19/12/14 01:33, Rich Webb wrote:
> Please is there anyone who has an answer on why this might be happening?
> Do I need some sort of sssd support or winbind or something?  In the
> wiki about setting up acl's it doesn't say anything about any other
> requirements, only that you have to have acl support and xattr support
> in your filesystem which I do.
>
> I'm trying to deploy this server and I need a working solution tomorrow
> - kind of in a bind.. I hope someone can help.
>
> Thanks,
> Rich
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org
> [mailto:samba-bounces at lists.samba.org] On Behalf Of Rich Webb
> Sent: Thursday, December 18, 2014 6:29 PM
> To: samba at lists.samba.org
> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character
> 3
>
> I just tried that and I got the same error.  I think there is some
> extended acl support that I'm missing somewhere.
>
> It's like the setfacl command is not recognizing the AD groups as valid
> groups.
>
> I should also add the following information:
>
> This server is built up on CentOS 6.6 Minimal using the Sernet-Samba
> Enterprise packages.
>
> It looks like the binary that is running is /usr/sbin/samba and that is
> started with /etc/rc.d/init.d/sernet-samba-ad start
>
> Rich
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org
> [mailto:samba-bounces at lists.samba.org] On Behalf Of Miguel Medalha
> Sent: Thursday, December 18, 2014 4:42 PM
> To: Rich Webb; samba at lists.samba.org
> Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character
> 3
>
>
>> I tried setting the permissions from the command line using:
>>
>> setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared
>>
>> and it gives me:
>>
>> setfacl: Option -m: Invalid argument near character 3
>>
> You should enter:
>
> setfacl -Rm g:MYDOM\\domain\ users:rwx ./shared
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

Hi, if I create a dir on one of my DC's and then set an ACL on it:

root at dc01:~# mkdir testdir
root at dc01:~# setfacl -m d:g:'domain admins':rwx ./testdir
root at dc01:~# getfacl ./testdir
# file: testdir
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:EXAMPLE\134Domain\040Admins:rwx
default:mask::rwx
default:other::r-x

So you can see it works, Don't know why others have suggested using 
'-R', all it does is make setfacl recurse into directories.

I think your problem is this: '--use-ntvfs'

Try turning it off, see here, under the heading 'Starting s3fs': 
https://wiki.samba.org/index.php/Samba4/s3fs

Rowland



More information about the samba mailing list