[Samba] chown destroys ACLs

[Davor Vusir]

Den 17 jul 2014 16:40 skrev "Klaus Hartnegg" <hartnegg at gmx.de>:
>
> On 17.07.2014 16:02, Rowland Penny wrote:
>>
>> You posted 'fs objects = acl_xattr' was this a typo?
>
>
> The 'v' was lost in copy & paste.
>
>
>> also do you have the 'attr' package installed.
>
>
> Yes
>
>
>> A quick test by creating a test dir by root and adding a users ACL with
>> setfacl and then changing the owner and group via chmod & chgrp never
>> touched the ACL.
>
>
> Yes, but when ACL was changed in Windows, doing chown in Linux resets the
Windows-ACL to the Linux-ACL. Is there a way to prevent this?
>
>
>> Having said all that, why are you altering the ownership of the
>> directories and files on Linux, set them (as per the wiki) once on
>> linux, then set or change them from a windows client.
>>
>> If you don't have any windows clients, learn how to use setfacl.
>
>
> I have *only* Windows clients, but each day some directories and files
are created by a process that does not set owner and permissions. I tried
to use setfacl, smbcacls, and samba-tool ntacl. None of them works:
> - smbcacls fails to propagate inherited permissions.
> - samba-tool says "ERROR: Unable to read domain SID"
> - setfacl puts things into the Windows ACL that do not belong there, for
example Unix Group, and other options cannot be set.
>
> So I used icacls in Windows to set permissions and owner, although it is
awfully slow when changing files on a Samba server. But when I then look at
the files in Linux, they have the wrong owner. When I fix this with chown,
then the Windows-ACL is gone. So I must first chown in Linux, then icacls
in Windows, or accept that the owner shown in Linux is unreliable.
>
Forget icacls. Try Helge Kleines SetACL.exe. It is _the_ tool for ACE/ACL
manipulation!

Regards
Davor

> There should really be an easier way to do this.
>
> Klaus
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba