[Samba] ACL ignored on cifs mounted share
Norbert Heinzelmann
N.Heinzelmann at rt.tu-cottbus.de
Thu Jan 22 06:17:36 MST 2015
Am 22.01.2015 um 13:14 schrieb Rowland Penny:
> On 22/01/15 11:52, Norbert Heinzelmann wrote:
>> Am 22.01.2015 um 12:28 schrieb Rowland Penny:
>>> On 22/01/15 10:53, Norbert Heinzelmann wrote:
>>>> Hello,
>>>>
>>>> I have the problem that the ACLs are ignored when I mount a share
>>>> via cifs. I have an AD with Samba 4.1.6 Ubuntu 14.04 (but I also
>>>> tried it with Gentoo and samba 4.1.14). So I joined a member server
>>>> like the wiki describes. Everything works fine. I can manage the
>>>> users and permissions with the RSAT tools. For the linux side I use
>>>> rfc2307 and winbind on the member. So every user and group has a
>>>> uid and gid. I can login at the member server, but when I try to
>>>> access a shared folder it failed with permission denied. Here is
>>>> the output, I hope this helps to understand the problem:
>>>>
>>>> root at client9:/home/testsamba# mount -vt cifs //server1/studis
>>>> /data/studis -o user=klaus,sec=krb5
>>>> mount.cifs kernel mount options:
>>>> ip=192.168.170.1,unc=\\server1\studis,sec=krb5,user=klaus,pass=********
>>>>
>>>> root at client9:/home/testsamba# getfacl /data/studis/
>>>> getfacl: Entferne führende '/' von absoluten Pfadnamen
>>>> # file: data/studis/
>>>> # owner: root
>>>> # group: root
>>>> user::rwx
>>>> user:root:rwx
>>>> user:klaus:rwx
>>>> group::r-x
>>>> group:root:r-x
>>>> group:rt:rwx
>>>> group:studis:rwx
>>>> mask::rwx
>>>> other::---
>>>> default:user::rwx
>>>> default:user:root:rwx
>>>> default:user:klaus:rwx
>>>> default:group::r-x
>>>> default:group:root:r-x
>>>> default:group:rt:rwx
>>>> default:group:studis:rwx
>>>> default:mask::rwx
>>>> default:other::---
>>>>
>>>> root at client9:/home/testsamba# su klaus
>>>> klaus at client9:/home/testsamba$ id
>>>> uid=10000(klaus) gid=10000(rt) Gruppen=10000(rt)
>>>> klaus at client9:/home/testsamba$ cd /data/studis/
>>>> bash: cd: /data/studis/: Keine Berechtigung (permission denied)
>>>>
>>>> I dont understand, why it is not working. My questions are: Should
>>>> it work? Is it a bug or is it a problem in configuration?
>>>>
>>>
>>> OK, this appears to be a Unix problem, the user on the client cannot
>>> 'cd' into another dir, this really has nothing to do with cifs.
>>>
>>> What does ls -la /data show ?
>>>
>>> Rowland
>>>
>>>
>> Hello Rowland,
>>
>> while my tests I set up a member server that shares a folder, so I
>> can login as AD user. At this member server I could access the folder
>> (local). But if I mount the same folder to another member it did not
>> work. Thats why I dont think its a Unix problem but maybe I
>> misunterstood something.
>>
>> ls -la says
>> drwxrwx---+ 2 root root 0 Jan 19 15:59 studis
>>
>>
>>
>> Norbert
>
> No it didn't, it probably said something like:
>
> drwxr-x--- 3 root root 4096 Jan 22 11:18 .
> drwxr-xr-x 26 root root 4096 Jan 22 11:18 ..
> drwxr-xr-- 2 root root 4096 Jan 22 11:18 studis
>
You are right. I cut the rest.
> But anyway working from what you posted 'drwxrwx---+'
> The 'd' means it is a directory
> The first 'rwx' means that the owner 'root' can read, write and enter
> the directory
> The second 'rwx' means that members of the 'root' group can read,
> write and enter the directory
> The last '---' means that others cannot read, write or enter the directory
> The '+' means that there are ACL's on the directory
>
And I mean these ACL's, as I showed in my first post, the user klaus has
rwx rights on this folder. And he is also in the group rt which has rwx
rights too. When I access this folder locally it works, only the cifs
mounted folder doesn't use the ACL's. That is what I don't understand.
> Now unless 'klaus' is a member of the 'root' group, he will not be
> able to 'cd' into the directory at the Unix level. Try changing the
> setting with 'chmod -R o+x /data'
>
When I change the owner, shure it works. But I want to use ACL's.
> Rowland
Norbert
More information about the samba
mailing list