[Samba] 4.4.14 on solaris, using ads, can't read/write as user

francis picabia fpicabia at gmail.com
Fri Jun 30 17:35:26 UTC 2017


On Fri, Jun 30, 2017 at 11:32 AM, Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Fri, 30 Jun 2017 11:13:25 -0300
> francis picabia via samba <samba at lists.samba.org> wrote:
>
> > On Fri, Jun 30, 2017 at 10:26 AM, Rowland Penny via samba <
> > samba at lists.samba.org> wrote:
> >
> > >
> > >
> > > OK, What filesystem are you using ?
> > >
> > >
> > On Solaris /tmp is technically swap.
> > The partitions are generally set up as UFS, such as /
> > which is on /dev/dsk/c1t1d0s0
> >
> > # fstyp /dev/dsk/c1t1d0s0
> > ufs
>
> Try altering fstab to include 'acls' as an option, then add this to
> smb.conf:
>
>     vfs objects = acl_xattr
>     map acl inherit = Yes
>     store dos attributes = Yes
>
> you will also need the solaris equivalents of the 'acl' & 'attr'
> packages found on Debian.
>
> This will get you closer to ACLs that AD expects.
>
>
ACLs are already available to UFS, but not configured on the file to be
different than what ls -l shows.

getfacl on a sample file on Solaris confirms the permission is the same as
for ls -l view

We have a Debian system running Samba 4.1 which has nothing added
for acls - just regular ext4 - and it works OK for mapped user.

I've tried the settings you've suggested and it didn't change the
permissions of overwriting
or removing a file over samba.  If I made the file 777, then Samba user can
remove it.

Can you point to a changelog discussing how ACLs are now required to make
user mapping work?  We've never needed ACLs in over a decade of using Samba
from Solaris.


More information about the samba mailing list