[Samba] Does Samba 4 actually respect Unix file acls?

Steve French smfrench at gmail.com
Fri Dec 19 20:13:47 MST 2014


On Dec 19, 2014 9:05 PM, "Rufe Glick" <rufe.glick at gmail.com> wrote:
>
> Hello Jeremy,
>
> Friday, December 19, 2014, 7:00:06 PM, you wrote:
>
> > On Fri, Dec 19, 2014 at 06:31:33PM -0500, Rufe Glick wrote:
> >> Hello Jeremy,
>
> >> Friday, December 19, 2014, 4:55:21 PM, you wrote:
>
> >> > On Fri, Dec 19, 2014 at 03:58:58PM -0500, Rufe Glick wrote:
> >> >> Hello Jeremy,
>
> >> >> > Do alice and bob have the same user ids on client
> >> >> > and server ?
>
> >> >> Yes, the uids and gids are identical on both server and client machines.
>
> >> > Then it should work. Set debug level 10 on the smbd
> >> > and look for ACCESS_DENIED messages in the logs.
>
> >> I set debug level to 10. This is the output -- http://pastebin.com/dfmHqYA7 --
> >> I get in '/var/log/samba/log.' file on the server side when I try to access
> >> share as bob on the client machine (and get Permission denied error). There
> >> are no ACCESS_DENIED messages in the logs. For the reference - bob's uid/gid
> >> are 1002, alice's uid/gid are 1001.
>
> > Hmmm. Might be a client bug. It's only doing
> > a smbd_do_qfilepathinfo: SMB_QUERY_FILE_UNIX_BASIC
> > call to check if it can cd into the directory,
> > instead of a SMB_QUERY_POSIX_ACL: trans2
> > request.
>
> > Pinging Steve French...
>
> By the way of trial and error I seem to find the setup that allows bob to
> have read-write access on the share, but in somewhat lame way.
>
> First bob's uid must be used with mount options:
>
> mount -t cifs -o username=bob,password=pass,uid=1002 //192.168.1.112/smbshare /mnt/smbshare
>
> Second - owner's file mode bits on directory must match or exceed those
> that set for other user using acls.
> That is if bob has full rwx permissions on directory (via acl), but
> owner's bits are r-x, then bob won't have rwx, but r-x permissions on the
> directory. As soon as I change shared directory's owner's (alice in this
> case) permissions to rwx, bob gets full permissions as well (I have to
> re-login).
>
> Also if I then try to access the share as alice I get read-only access
> for the share (though now alice has rwx permissions as directory owner).
> Things like 'touch file.txt' or 'echo "I am alice" > file.txt' return
> Permission denied error and create an empty file.
>
> That is weird and illogical behavior. I would appreciate if someone can
> explain to me why it works this way and if it should work this way.
>
> For the reference the version number as returned 'mount.cifs -V' is 6.2
>

Have you tried mounting with noperm (and also tried multiuser mounts)?

