[Samba] Does Samba 4 actually respect Unix file acls?

Rufe Glick rufe.glick at gmail.com
Fri Dec 19 10:47:51 MST 2014


After researching the subject on the internet I concluded that Samba should take into account Unix file ACLs. During my tests I found the opposite. Only Unix file mode bits are respected, and file ACLs are ignored. If my initial assumption is correct and Samba does respect Unix file ACLs, then I am doing something wrong. Please see the setup below and point to what I am doing wrong.

Distribution and Samba version in use: CentOS Linux 7; Samba 4.1.1

##### Server

# Create Linux users
useradd alice
useradd bob

# Create a directory to be shared; set ro permissions for alice using \
# file mode bits and rw permissions for bob using file acls
mkdir /home/smbshare
chown alice:alice /home/smbshare
chmod 0500 /home/smbshare
setfacl -m u:bob:rwx /home/smbshare
setfacl -m m:rwx /home/smbshare

# Create a file for testing purposes
echo 'Hello world!' > /home/smbshare/test.txt

# Add users to Samba database
pdbedit -a -u alice
pdbedit -a -u bob

# Define share in smb.conf and restart the smb daemon
vim /etc/samba/smb.conf
    comment = smbshare for alice(ro) and bob(rw)
    path = /home/smbshare
    browseable = yes
    writeable = yes
    valid users = alice bob

systemctl reload smb

# Set the SELinux permissions and open samba on firewall
chcon -R -t samba_share_t /home/smbshare

firewall-cmd --add-service=samba --permanent
firewall-cmd --reload

##### Client

# Create Linux users
useradd alice
useradd bob

# Mount the remote Samba share
mkdir /mnt/smbshare
mount -t cifs -o username=alice,password=pass // /mnt/smbshare

# Now test the permissions 
su - alice
cd /mnt/smbshare
cat test.txt        # shows the contents of test.txt, as expected
echo 'I am alice' > test2.txt   # permission denied, as expected

su - bob
cd /mnt/smbshare    # permission denied -- ???? NOT AS EXPECTED

# I think it doesn't matter under which user to mount, but just to be sure \
# I tried to mount using bob's credentials
umount /mnt/smbshare
mount -t cifs -o username=bob,password=pass // /mnt/smbshare

# After checking actual permissions I got the same results as above: \
# alice has read-only permissions (as expected), bob has no access (NOT as expected)

Best regards,
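
To separate what the server's filesystem grants from what Samba or the CIFS client reports, the POSIX.1e access-check order from acl(5) can be evaluated over the `getfacl` output of the shared directory. This is an added example, not part of the original post: the `getfacl` listing is constructed from the post's chmod/setfacl commands, and the function names are hypothetical.

```python
# Added example: POSIX.1e access-check order (acl(5)) over getfacl output.
# SAMPLE is constructed from the post's chmod 0500 / setfacl commands.
SAMPLE = """\
# file: home/smbshare
# owner: alice
# group: alice
user::r-x
user:bob:rwx
group::---
mask::rwx
other::---
"""

def parse_getfacl(text):
    """Parse access-ACL entries; default: entries are ignored."""
    acl = {"owner": None, "group": None, "mask": None, "entries": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            # split()[0] drops a trailing "#effective:..." annotation
            tag, qual, perms = line.split()[0].split(":")
            perms = set(perms.replace("-", ""))
            if tag == "mask":
                acl["mask"] = perms
            else:
                acl["entries"].append((tag, qual, perms))
    return acl

def access_granted(acl, user, groups, want):
    """Return True if `user` (member of `groups`) gets all of `want`."""
    want, mask = set(want), acl["mask"]
    masked = lambda p: p if mask is None else p & mask
    by = lambda tag: [(q, p) for t, q, p in acl["entries"] if t == tag]
    if user == acl["owner"]:                  # 1. owner entry, never masked
        return want <= dict(by("user"))[""]
    for q, p in by("user"):                   # 2. named user entry, masked
        if q == user:
            return want <= masked(p)
    matching = [p for q, p in by("group")     # 3. owning and named groups
                if (q or acl["group"]) in groups]
    if matching:                              # one entry must hold all bits
        return any(want <= masked(p) for p in matching)
    return want <= dict(by("other"))[""]      # 4. everyone else
```

Feeding it the real output of `getfacl /home/smbshare` on the server shows what the kernel would allow each account before Samba and the client mount are involved.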
