[Samba] ACL - samba vs filesystem

lejeczek peljasz at yahoo.co.uk
Thu Jul 19 12:42:24 UTC 2018 

On 19/07/18 13:14, lejeczek via samba wrote:
> On 19/07/18 10:32, lejeczek via samba wrote:
>> hi guys
>>
>> my samba share has
>>
>> inherit acls = Yes
>>
>> and inherits(I guess) from global:
>>
>> create mask = 0744
>> directory mask = 0755
>>
>> Now, share's underlying filesystem has acls set on a folder:
>>
>> user::rwx
>> user:me:rwx
>> user:appmgr:r-x
>> group::---
>> mask::rwx
>> other::---
>> default:user::rwx
>> default:user:me:rwx
>> default:user:appmgr:r-x
>> default:group::---
>> default:mask::rwx
>> default:other::---
>>
>> In shell when I create a file in that folder I see:
>>
>>
>> user::rw-
>> user:me:rwx            #effective:rw-
>> user:appmgr:r-x            #effective:r--
>> group::---
>> mask::rw-
>> other::---
>>
>> but when make new file in Windows client then shell shows:
>>
>> user::rwx
>> user:me:rwx            #effective:---
>> user:appmgr:r-x            #effective:---
>> group::---
>> mask::---
>> other::---
>>
>> Why is that? Am I missing something in samba's configuration?
>>
>> I'm thinking - ideally might be if I got rid of mask but I'm not sure 
>> how.
>>
>> many thanks, L.
>>
>>
>>
> seems that in my case these make difference:
>
> create mask = 0744
> directory mask = 0755
>
> if these two are as above then these masks are actually applied and 
> though "inherit acls = Yes" does it's job I end up with (re)calculated 
> effective permissions(different from acl/setfacl asks/sets). Which all 
> in all is probably normal & expected.
>
> Although it defeats my logic I confess, I mean it ... "inherit acls = 
> Yes" would/should take with FS's mask along, yet "% mask = $.." in 
> samba config collides/overrides filesystem's mask.
>
>
>
>
and how that works - boggles my mind even more,

having a folder(created by smb/windows)

user::rwx
user:me:rwx
user:appmgr:r-x
group::---
mask::rwx
other::---
default:user::rwx
default:user:me:rwx
default:user:appmgr:r-x
default:group::---
default:mask::rwx
default:other::---

that folder created while smb config already changed to:

   create mask = 0774
   directory mask = 0775

(so seems that dir mask matches/aligns (samba does not change it) with 
filesystem)

And then I create(in smb/win) a file in this newly created folder and:

user::rwx
user:me:rwx            #effective:-w-
user:appmgr:r-x            #effective:---
group::---
mask::-w-
other::---

How samba does it I do not get, yet another confession of mine would be: 
not an expert on those bit-wise operations.

More information about the samba mailing list