[Samba] Standalone server and POSIX ACL issues (new one)
Yvan Masson
yvan at masson-informatique.fr
Fri Aug 9 20:34:57 UTC 2019
On 09/08/2019 at 21:36, Rowland penny via samba wrote:
> On 09/08/2019 20:18, Yvan Masson via samba wrote:
>> Hi list,
>>
>> For testing purposes, I am running a standalone Samba 4.9.5 on Debian
>> with the following smb.conf:
>>
>> [global]
>> server role = standalone server
>> map to guest = Bad User
>> guest account = nobody
> That is the standard guest account
>>
>> [test]
>> path = /home/yvan/Partage/share
>> guest ok = yes
>> writable = yes
>> inherit acls = yes
>>
>>
>> I want "bob", "alice" and guest user to have full access to all files
>> in this share, so I made /home/yvan/share with the following ACL:
>
> No, you don't, all right you do, but you shouldn't ;-)
>
> Either use authentication for the share, or allow guest access, not both.
Yes I admit this test setup is not very realistic. A valid setup would
be read/write for authenticated users and read only for guests:

# file: test
# owner: root
# group: root
user::rwx
user:bob:rwx
user:alice:rwx
user:nobody:r-x
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:bob:rwx
default:user:alice:rwx
default:user:nobody:r-x
default:group::---
default:mask::rwx
default:other::---

Unfortunately I have the same problem: guest can mount but not read
share contents.
>
>> $ getfacl share
>> # file: share
>> # owner: root
>> # group: root
>> user::rwx
>> user:bob:rwx
>> user:alice:rwx
>> user:nobody:rwx
>> group::r-x
>> mask::rwx
>> other::---
>> default:user::rwx
>> default:user:bob:rwx
>> default:user:alice:rwx
>> default:user:nobody:rwx
>> default:group::---
>> default:mask::rwx
>> default:other::---
>>
>>
>> I have two issues with this setup that I could not solve after many
>> hours:
>
> No, you have one big issue, you are not using the ACLs you have set,
> well not with Samba anyway, you will need to add:
>
> vfs objects = acl_xattr
> map acl inherit = Yes
>
> to [global] in smb.conf
>
Aaaaah wonderful! :-D

Those parameters are not mentioned on the "Setting up a Share Using POSIX
ACLs" page in the wiki: can I add those or do you prefer to do it? (I am
sure your explanations would be better than mine).

Yvan