[Samba] ACL ignored on cifs mounted share

Rowland Penny rowlandpenny at googlemail.com
Thu Jan 22 04:28:05 MST 2015

On 22/01/15 10:53, Norbert Heinzelmann wrote:
> Hello,
> I have the problem that the ACLs are ignored when I mount a share via 
> cifs. I have an AD with Samba 4.1.6 Ubuntu 14.04 (but I also tried it 
> with Gentoo and samba 4.1.14). So I joined a member server like the 
> wiki describes. Everything works fine. I can manage the users and 
> permissions with the RSAT tools. For the linux side I use rfc2307 and 
> winbind on the member. So every user and group has a uid and gid. I 
> can login at the member server, but when I try to access a shared 
> folder it failed with permission denied. Here is the output, I hope 
> this helps to understand the problem:
> root at client9:/home/testsamba# mount -vt cifs //server1/studis 
> /data/studis -o user=klaus,sec=krb5
> mount.cifs kernel mount options: 
> ip=,unc=\\server1\studis,sec=krb5,user=klaus,pass=********
> root at client9:/home/testsamba# getfacl /data/studis/
> getfacl: Entferne führende '/' von absoluten Pfadnamen
> # file: data/studis/
> # owner: root
> # group: root
> user::rwx
> user:root:rwx
> user:klaus:rwx
> group::r-x
> group:root:r-x
> group:rt:rwx
> group:studis:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:root:rwx
> default:user:klaus:rwx
> default:group::r-x
> default:group:root:r-x
> default:group:rt:rwx
> default:group:studis:rwx
> default:mask::rwx
> default:other::---
> root at client9:/home/testsamba# su klaus
> klaus at client9:/home/testsamba$ id
> uid=10000(klaus) gid=10000(rt) Gruppen=10000(rt)
> klaus at client9:/home/testsamba$ cd /data/studis/
> bash: cd: /data/studis/: Keine Berechtigung (permission denied)
> I dont understand, why it is not working. My questions are: Should it 
> work? Is it a bug or is it a problem in configuration?

OK, this appears to be a Unix problem, the user on the client cannot 
'cd' into another dir, this really has nothing to do with cifs.

What does ls -la /data show ?


More information about the samba mailing list