[Samba] ACL - samba vs filesystem
Rowland Penny
rpenny at samba.org
Thu Jul 19 12:10:25 UTC 2018
On Thu, 19 Jul 2018 12:50:04 +0100
lejeczek via samba <samba at lists.samba.org> wrote:
> >> Samba is 4.7.1 on Centos 7.5
> yes, shell is posix and samba is win acl, yes.
>
> Samba is a PDC(the only controller) in classic mode, security = user
> (no AD), with ldap user backend.
>
> Windows boxes are clients of only that samba domain.
>
> When do shell/posix I do it on Samba server locally.
>
> If I, well.. certainly not purposefully so not I, again: pretty
> vanilla samba config, so... if samba ignores posix and calculates
> mask independently then where does she do it?
>
> inherit acls = Yes - this seems to work, ACLs are there but that
> mast/effective is not what posix gets me, and I'd like samba to do
> what setfacl mandates.
>
> Also: acl map full control = Yes - is set by default.
>
>
I haven't a clue, mainly because, even with several hints, you haven't
posted the smb.conf from the PDC (and until your latest post, I didn't
know this much).
What filesystem is running on the Centos machine ? is it ext4 or
something else that understands acls and attrs ? If so, are the 'acl' &
'attr' packages installed ?
If they are, then I would investigate the security.NTACL extended
attribute.
Finally, can I leave you with these wise words:
Start planning the upgrade of your NT4-style domain to an Active
Directory one now, before it is too late.
Rowland
More information about the samba
mailing list