[Samba] zfsacl problem with share permissions set from Computer Management

Joe Frank joef at spectralogic.com
Thu Aug 10 16:13:25 UTC 2017


I'm using zfsacl on samba 4.6.6 on FreeBSD. File system ACLs work correctly, and Computer Management allows me to set share permissions (permissions are updated and displayed back correctly), but access doesn't appear to honor the configured share permissions. For example, users with file level ACLs that grant write permission are allowed to write even when share level permissions only grant read access to "Everyone".

I noticed a comment on a FreeNAS discussion that seems to indicate that zfsacl is incompatible with permissions stored in share_info.tdb:

"Caveat: It appears that samba will evaluates share_info.tdb and ZFS ACLs out of order. ZFS ACLs are given precedence. This means that administrators may need to disable the zfsacl vfs module in order for samba to properly use share_info.tdb to control access to shares."

This is in a post from December 2015:
https://forums.freenas.org/index.php?threads/cifs-smb-samba-tips-and-tricks.34995/​

I didn't find any bug report related to this. Is anyone aware of this issue or a work-around?



More information about the samba mailing list