[Samba] Linux fs ACL ignored for Samba4 share in Windows?

Mgr. Peter Tuharsky tuharsky at misbb.sk
Tue Mar 10 03:51:51 MDT 2015


This command lists all directories in iss_num. However, the . (iss_num
itself) has drwxrwxr-x

Now for the incriminating file example that shows abnormal ACL in
Windows: the file resides in iss_num/am/uz and has -rwxrwxrwx

So there is no + in listing for share directory nor for files in the
directory structure.

Peter


On 10.03.2015 at 10:37, Rowland Penny wrote:
> On 10/03/15 07:16, Mgr. Peter Tuharsky wrote:
>> Hm, it is quite large. I will snip all comments out and all shares that
>> are not interesting
>>
>> smb.conf:
>>
>> [global]
>>
>>     workgroup = ldap1.sk
>>     server string = server %L
>>     wins support = no
>>     dns proxy = no
>>     netbios aliases = datastore dokumenty iss pravo prenos matriky
>>     log file = /var/log/samba/log.%m
>>     max log size = 1000
>>     syslog = 0
>>     panic action = /usr/share/samba/panic-action %d
>>     log level = 2
>>     security = domain
>>     encrypt passwords = true
>>     passdb backend = tdbsam
>>     obey pam restrictions = no
>>     unix password sync = no
>>     map to guest = bad user
>>     domain logons = no
>>     domain master = auto
>>     local master = no
>>     usershare allow guests = no
>>
>>
>> include = /etc/samba/smb-global.conf
>> include = /etc/samba/smb-datastore.conf
>>
>>
>> smb-global.conf:
>> [global]
>>
>>      dos charset = 852
>>      unix charset = UTF8
>>      dos filetimes = yes
>>      browseable = no
>>      guest ok = no
>>      public = no
>>      writable = yes
>>      unix extensions = no
>>      follow symlinks = yes
>>
>> smb-datastore.conf:
>>
>> [iss_num]
>>      path = /mnt/data_raid/iss_num
>>      comment = Projekt ISS_NUM
>>      locking = yes
>>      default case = lower
>>      preserve case = no
>>
>> On 09.03.2015 at 10:49, Rowland Penny wrote:
>>> On 09/03/15 09:21, Mgr. Peter Tuharsky wrote:
>>>> Hello,
>>>>
>>>> we have Samba 3 domain w/LDAP backend. Recently we have set up Samba
>>>> 4.1.7 fileserver, a member of the domain, as a first step of full
>>>> migration to Samba 4.
>>>>
>>>> Now, we have a problem with file ACL on the Samba4 fileserver. Linux ext4
>>>> fs has 777 ACLs for the file. Why does it look like in Windows (both XP
>>>> and 2k8r2) that "Everyone" does not have write permission?
>>>>
>>>> Sincerely
>>>> Peter
>>>>
>>> Hi, any chance you can post the smb.conf from the samba 4.1.7
>>> fileserver ?
>>>
>>> Rowland
>>>
>
> OK, after I removed the default settings, I ended up with this:
>
> [global]
>    workgroup = ldap1.sk
>    server string = server %L
>    dns proxy = no
>    netbios aliases = datastore dokumenty iss pravo prenos matriky
>    log file = /var/log/samba/log.%m
>    max log size = 1000
>    syslog = 0
>    panic action = /usr/share/samba/panic-action %d
>    log level = 2
>    security = domain
>    map to guest = bad user
>    local master = no
>    dos charset = 852
>    browseable = no
>    writable = yes
>    unix extensions = no
>
> [iss_num]
>     path = /mnt/data_raid/iss_num
>     comment = Projekt ISS_NUM
>     locking = yes
>     preserve case = no
>
> Everything looks OK, provided the machine has been joined to the
> domain. I personally wouldn't use a dot in the workgroup name, but I
> don't think this is your problem. What I think is happening is that
> you are mixing up Unix and Windows ACLs. What does 'ls -la
> /mnt/data_raid/iss_num' show? Is there a '+' sign at the end of the
> ACL, i.e. is it 'rwxrwxrwx' or 'rwxrwxrwx+'?
>
> Rowland
>


