[Samba] Fix sharing ACL

Rowland Penny rpenny at samba.org
Mon Oct 24 14:19:43 UTC 2016 

On Mon, 24 Oct 2016 14:00:21 +0000 (UTC)
Ricardo Pardim Claus via samba <samba at lists.samba.org> wrote:

> Gentlemen, 
> 
> I am struggling to solve this problem. 
> My file server Samba 4.4.5. 
> Even the administrator user (domain admin) could not write to the
> share. Could someone give me a hint, in order to solve this problem?
> 
> shared folder: /mnt/data
> 
> Folder permissions:
> 
> # getfacl /mnt/data/teste/ 
> getfacl: Removing leading '/' from absolute path names 
> # file: mnt/data/teste/ 
> # owner: ricardo
> # group: domain\040admins 
> user::rwx 
> user:domain\040admins:rwx 
> user:ricardo:rwx 
> group::rwx 
> mask::rwx 
> other::r-x 
> default:user::rwx 
> default:user:domain\040admins:rwx 
> default:user:ricardo:rwx 
> default:group::rwx 
> default:group:domain\040admins:rwx 
> default:group:ti-infra:rwx 
> default:mask::rwx 
> default:other::r-x 
> 
> 
> 
> The smb.conf the fileserver:
> 
> 
> [data] 
> comment = Folder data
> path = /mnt/data 
> read only = no 
> browseable = yes 
> # 
> map acl inherit = yes 
> store dos attributes = yes 
> # 
> inherit acls = Yes 
> inherit permissions = Yes 
> guest account = guest 
> guest ok=yes 
> writeable = Yes 
> # Recycle
> vfs objects = acl_xattr, recycle, shadow_copy2, full_audit 
> #vfs objects = recycle, shadow_copy2 
> recycle:facility = LOCAL1 
> recycle:priority = NOTICE 
> recycle:maxsize = 0 
> recycle:directory_mode = 0774 
> recycle:subdir_mode = 0774 
> recycle:keeptree = true 
> recycle:touch = true 
> recycle:versions = true 
> recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.exe, *.bin 
> recycle:exclude_dir = tmp, temp, cache 
> create mask = 0774 
> directory mask = 0774 
> # SHADOW COPY / SNAPSHOT 
> shadow:mountpoint = /mnt/data/ 
> shadow:snapdir = .snapshot 
> shadow:basedir = /mnt/ 
> shadow:sort = desc 
> shadow:localtime = yes 
> shadow:format = @GMT-%Y.%m.%d-%H.%M.%S 
> # AUDIT FILESERVER 
> full_audit:prefix = %u|%I|%S|%g 
> full_audit:success = all 
> full_audit:failure = all !open 
> full_audit:facility = local1 
> full_audit:priority = ALERT 
> 

Hi, can we see the rest of your smb.conf ?

Rowland

More information about the samba mailing list