[Samba] ACL - samba vs filesystem
lejeczek
peljasz at yahoo.co.uk
Thu Jul 19 10:46:43 UTC 2018
On 19/07/18 10:58, Rowland Penny via samba wrote:
> On Thu, 19 Jul 2018 10:32:04 +0100
> lejeczek via samba <samba at lists.samba.org> wrote:
>
>> hi guys
>>
>> my samba share has
>>
>> inherit acls = Yes
>>
>> and inherits(I guess) from global:
>>
>> create mask = 0744
>> directory mask = 0755
>>
>> Now, share's underlying filesystem has acls set on a folder:
>>
>> user::rwx
>> user:me:rwx
>> user:appmgr:r-x
>> group::---
>> mask::rwx
>> other::---
>> default:user::rwx
>> default:user:me:rwx
>> default:user:appmgr:r-x
>> default:group::---
>> default:mask::rwx
>> default:other::---
>>
>> In shell when I create a file in that folder I see:
>>
>>
>> user::rw-
>> user:me:rwx #effective:rw-
>> user:appmgr:r-x #effective:r--
>> group::---
>> mask::rw-
>> other::---
>>
>> but when make new file in Windows client then shell shows:
>>
>> user::rwx
>> user:me:rwx #effective:---
>> user:appmgr:r-x #effective:---
>> group::---
>> mask::---
>> other::---
>>
>> Why is that? Am I missing something in samba's configuration?
>>
>> I'm thinking - ideally might be if I got rid of mask but I'm not sure
>> how.
>>
>> many thanks, L.
>>
>>
>>
> You don't give us much to go on,
what is it that I did not give out?
Samba is 4.7.1 on Centos 7.5
Except for:
inherit acls = Yes
everything is samba vanilla default.
One thing though is the shares are off glusterfs directly, so:
fs objects = glusterfs
glusterfs:volume = GROUP-WORK
path = /
and local filesystem is a mount via autofs with acl option.
> but I think you are mixing up using
I fail to see where I'm mixing those up.
I do not get how creating files, but also folders, gets me different
mask/effective between shell and windows clients, eg of a new folder:
shell's mkdir:
user::rwx
user:me:rwx
user:appmgr:r-x
group::---
mask::rwx
other::---
default:user::rwx
default:user:me:rwx
default:user:appmgr:r-x
default:group::---
default:mask::rwx
default:other::---
windows via samba:
user::rwx
user:me:rwx #effective:r-x
user:appmgr:r-x
group::---
mask::r-x
other::---
default:user::rwx
default:user:me:rwx
default:user:appmgr:r-x
default:group::---
default:mask::rwx
default:other::---
and parent folder has:
user::rwx
user:me:rwx
user:appmgr:r-x
group::---
mask::rwx
other::---
default:user::rwx
default:user:me:rwx
default:user:appmgr:r-x
default:group::---
default:mask::rwx
default:other::---
Why samba calculate it differently, I fail to get that.
> POSIX and Windows ACL's
> You should use one or the other, not both, see here:
>
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_POSIX_ACLs
>
> and here:
>
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
>
> Rowland
>
More information about the samba
mailing list