[Samba] Standalone server and POSIX ACL issues (new one)

Rowland penny rpenny at samba.org
Fri Aug 9 19:36:37 UTC 2019


On 09/08/2019 20:18, Yvan Masson via samba wrote:
> Hi list,
>
> For testing purpose, I am running a standalone Samba 4.9.5 on Debian 
> with the following smb.conf:
>
> [global]
> server role = standalone server
> map to guest = Bad User
> guest account = nobody
That is the standard guest account
>
> [test]
> path = /home/yvan/Partage/share
> guest ok = yes
> writable = yes
> inherit acls = yes
>
>
> I want "bob", "alice" and guest user to have full access to all files 
> in this share, so I made /home/yvan/share with the following ACL:

No, you don't, all right you do, but you shouldn't ;-)

  Either use authentication for the share, or allow guest access, not both.

> $ getfacl share
> # file: share
> # owner: root
> # group: root
> user::rwx
> user:bob:rwx
> user:alice:rwx
> user:nobody:rwx
> group::r-x
> mask::rwx
> other::---
> default:user::rwx
> default:user:bob:rwx
> default:user:alice:rwx
> default:user:nobody:rwx
> default:group::---
> default:mask::rwx
> default:other::---
>
>
> I have two issues with this setup that I could not solve after many hours:

No, you have one big issue, you are not using the ACLs you have set, 
well not with Samba anyway, you will need to add:

     vfs objects = acl_xattr
     map acl inherit = Yes

to [global] in smb.conf


Rowland





More information about the samba mailing list