[Samba] program update made my shares no work anymore (ACL)

J. Echter j.echter at echter-kuechen-elektro.de
Tue Sep 9 12:37:28 MDT 2014


Hi,

I run a few samba shares successfully with CentOS 6.5.

I have a program (CAD) hosted on this server.

Since an upgrade I have some trouble making it work again.

If a user modifies a project, only this user can open the project.

What I see is (for example):

drwxrwx---    2 admin bau   4 16. Feb 2014  test1

works

drwxrwx---+   2 admin bau   4 27. Aug 12:58 test2

doesn't work.

getfacl test1

# file: test1
# owner: admin
# group: bau
user::rwx
group::rwx
other::---


getfacl test2
# file: test2
# owner: admin
# group: bau
user::rwx
group::rwx
group:Administrators:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:Administrators:rwx
default:mask::rwx
default:other::---

How to tell samba to set acl to the group I specified in smb.conf?

Like this:

[DDS]
force group = bau
valid users = @bau @Administrators
create mode = 0770
directory mode = 0770


For test2 it should read:

group:bau:rwx

What do I do wrong?

Here's my smb.conf ([global] + [share])

[global]
   domain master = yes
   local master = yes
   domain logons = yes
   preferred master = yes
   os level = 255
   max protocol = SMB2
   passdb backend = ldapsam:ldap://192.168.0.200
   wins support = yes
   idmap backend = ldap:ldap://192.168.0.200
   idmap uid = 10000-15000
   idmap gid = 10000-15000
   ldap suffix = dc=workgroup,dc=local
   ldap user suffix = ou=smb-usr
   ldap group suffix = ou=groups
   ldap machine suffix = ou=computers
   ldap idmap suffix = ou=idmap
   ldap admin dn = cn=admin,dc=workgroup,dc=local
   ldap ssl = no
   ldap passwd sync = yes
   add machine script = /usr/sbin/smbldap-useradd -i -t 0 -w "%u"
   add user script = /usr/sbin/smbldap-useradd -a '%u'
   delete user script = /usr/sbin/smbldap-userdel %u
   add group script = /usr/sbin/smbldap-groupadd -a '%g'
   delete group script = /usr/sbin/smbldap-groupdel '%g'
   add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
   delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
   set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
   lanman auth = Yes
   ntlm auth = Yes
   client NTLMv2 auth = Yes
   printing = bsd
   netbios name = PDC
   server string = PDC (samba)
   workgroup = workgroup
   interfaces = 192.168.0.200/24 127.0.0.1
   bind interfaces only = yes
   security = user
   encrypt passwords = true
   map to guest = bad user
   guest account = nobody
   logon path = \\cluster\profiles\%U
   logon script = %U.bat
   logon drive = H:
   hide files = /desktop.ini/ntuser.ini/NTUSER.*/Thumbs.db/


[DDS]
   path = /DATEN/samba/shares/DDS
   guest ok = no
   public = no
   valid users = @bau @Administrators
   browseable = yes
   force group = bau
   read only = no
   create mode = 0770
   directory mode = 0770
   hide unreadable = yes

Any help is welcome.

cheers

juergen
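
Added example, not part of the original post: a small parser for the getfacl output of test2 shown above, reporting what each group gets on the directory itself and what its default ACL passes on to entries created inside it. The function names are hypothetical, and it assumes standard POSIX ACL semantics and a user who is a member of only the group being checked.

```python
# Constructed input: the getfacl output for test2, copied from the post.
TEST2_ACL = """\
# file: test2
# owner: admin
# group: bau
user::rwx
group::rwx
group:Administrators:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:Administrators:rwx
default:mask::rwx
default:other::---
"""

def parse_getfacl(text):
    """Return (owning_group, access_entries, default_entries)."""
    owning_group, access, default = None, {}, {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# group:"):
            owning_group = line.split(":", 1)[1].strip()
        if not line or line.startswith("#"):
            continue
        target = access
        if line.startswith("default:"):
            target, line = default, line[len("default:"):]
        tag, qualifier, perms = line.split(":")[:3]
        target[(tag, qualifier)] = perms[:3]  # drop any "#effective" suffix
    return owning_group, access, default

def group_perms(entries, group, owning_group):
    """Bits a member of `group` gets from matching group entries, after the mask."""
    if not entries:
        return None  # no ACL of this kind (e.g. no default ACL on test1)
    keys = [("group", group)] + ([("group", "")] if group == owning_group else [])
    mask = entries.get(("mask", ""), "rwx")  # minimal ACLs carry no mask entry
    granted = [entries.get(k, "---") for k in keys]
    return "".join(b if m == b and any(g[i] == b for g in granted) else "-"
                   for i, (b, m) in enumerate(zip("rwx", mask)))

if __name__ == "__main__":
    owning, access, default = parse_getfacl(TEST2_ACL)
    for g in ("bau", "Administrators"):
        print(g, "on directory:", group_perms(access, g, owning),
              "| inherited by new entries:", group_perms(default, g, owning))
```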

