[Samba] Linux ACL mapping problem.

Prunk Dump prunkdump at gmail.com
Wed Mar 19 06:23:38 MDT 2014


Hello,

I have a samba client with a working winbind uid/gid mapping. But the
ACL check give me strange results with mount.cifs.

The folder /uhomes/2de1 have the following ACL :

$ getfacl /uhomes/2de1
# file: /uhomes/2de1
# owner: root
# group: 2de1
user::rwx
group::r-x
group:teachers:rwx
mask::rwx
other::---

The user "pellegrb" is a member of the "teachers" group.

$ id pellegrb
uid=3000137(pellegrb) gid=3000038(teachers)
groups=3000038(teachers),100(users),3000037(fichusers),5000001(BUILTIN\users)

1) If from a windows client I mount the share as "pellegrb", I can
access the files. No problem.

2) If from a linux client I mount the share with the "noperm" flag :

mount -t cifs //fichdc/uhomes/ /uhomes/2de1 -o
user=pellegrb,uid=3000137,gid=3000038,noforceuid,noforcegid,noperm

No problem the user can access the files.

3) But If the "noperm" flag is not set the access is denied ! However
the ACls seems corrects !

$ id
uid=3000137(pellegrb) gid=3000038(teachers)
groupes=3000038(teachers),100(users),3000037(fichusers),5000001(BUILTIN\users)

$ getfacl /uhomes/2de1
# file: /uhomes/2de1
# owner: root
# group: 2de1
user::rwx
group::r-x
group:teachers:rwx
mask::rwx
other::---

$ mount
//fichdc/uhomes/ on /uhomes/2de1 type cifs
(rw,relatime,sec=ntlm,unc=\\fichdc\uhomes,username=pellegrb,uid=3000137,noforceuid,gid=3000038,noforcegid,addr=172.16.200.20,unix,posixpaths,serverino,acl,rsize=1048576,wsize=65536,actimeo=1

4) The same ACL applied directly on a ext4 file system let access to
the user "pellegrb".

I don't understand where the problem come from ...

Thanks !


More information about the samba mailing list