[Samba] ACL ignored on cifs mounted share

Norbert Heinzelmann N.Heinzelmann at rt.tu-cottbus.de
Thu Jan 22 05:57:25 MST 2015

On 22.01.2015 at 12:28, Rowland Penny wrote:
> On 22/01/15 10:53, Norbert Heinzelmann wrote:
>> Hello,
>> I have the problem that the ACLs are ignored when I mount a share via 
>> cifs. I have an AD with Samba 4.1.6 Ubuntu 14.04 (but I also tried it 
>> with Gentoo and samba 4.1.14). So I joined a member server like the 
>> wiki describes. Everything works fine. I can manage the users and 
>> permissions with the RSAT tools. For the linux side I use rfc2307 and 
>> winbind on the member. So every user and group has a uid and gid. I 
>> can login at the member server, but when I try to access a shared 
>> folder it failed with permission denied. Here is the output, I hope 
>> this helps to understand the problem:
>> root@client9:/home/testsamba# mount -vt cifs //server1/studis 
>> /data/studis -o user=klaus,sec=krb5
>> mount.cifs kernel mount options: 
>> ip=,unc=\\server1\studis,sec=krb5,user=klaus,pass=********
>> root@client9:/home/testsamba# getfacl /data/studis/
>> getfacl: Entferne führende '/' von absoluten Pfadnamen
>> # file: data/studis/
>> # owner: root
>> # group: root
>> user::rwx
>> user:root:rwx
>> user:klaus:rwx
>> group::r-x
>> group:root:r-x
>> group:rt:rwx
>> group:studis:rwx
>> mask::rwx
>> other::---
>> default:user::rwx
>> default:user:root:rwx
>> default:user:klaus:rwx
>> default:group::r-x
>> default:group:root:r-x
>> default:group:rt:rwx
>> default:group:studis:rwx
>> default:mask::rwx
>> default:other::---
>> root@client9:/home/testsamba# su klaus
>> klaus@client9:/home/testsamba$ id
>> uid=10000(klaus) gid=10000(rt) Gruppen=10000(rt)
>> klaus@client9:/home/testsamba$ cd /data/studis/
>> bash: cd: /data/studis/: Keine Berechtigung (permission denied)
>> I don't understand why it is not working. My questions are: Should it 
>> work? Is it a bug or is it a problem in configuration?
> OK, this appears to be a Unix problem, the user on the client cannot 
> 'cd' into another dir, this really has nothing to do with cifs.
> What does ls -la /data show ?
> Rowland
Hello Rowland,

During my tests I set up a member server that shares a folder, so I can 
log in as an AD user. On this member server I could access the folder 
(locally). But if I mount the same folder on another member it did not 
work. That's why I don't think it's a Unix problem, but maybe I 
misunderstood something.

ls -la says
drwxrwx---+  2 root root    0 Jan 19 15:59 studis

