[Samba] Standalone server and POSIX ACL issues (new one)
Rowland penny
rpenny at samba.org
Fri Aug 9 21:21:57 UTC 2019
On 09/08/2019 21:34, Yvan Masson via samba wrote:
>
>
> Le 09/08/2019 à 21:36, Rowland penny via samba a écrit :
>> On 09/08/2019 20:18, Yvan Masson via samba wrote:
>>> Hi list,
>>>
>>> For testing purpose, I am running a standalone Samba 4.9.5 on Debian
>>> with the following smb.conf:
>>>
>>> [global]
>>> server role = standalone server
>>> map to guest = Bad User
>>> guest account = nobody
>> That is the standard guest account
>>>
>>> [test]
>>> path = /home/yvan/Partage/share
>>> guest ok = yes
>>> writable = yes
>>> inherit acls = yes
>>>
>>>
>>> I want "bob", "alice" and guest user to have full access to all
>>> files in this share, so I made /home/yvan/share with the following ACL:
>>
>> No, you don't, all right you do, but you shouldn't ;-)
>>
>> Either use authentication for the share, or allow guest access, not
>> both.
> Yes I admit this test setup is not very realistic. A valid setup would
> be read/write for authenticated users and read only for guests:
> # file: test
> # owner: root
> # group: root
> user::rwx
> user:bob:rwx
> user:alice:rwx
> user:nobody:r-x
> group::r-x
> mask::rwx
> other::---
> default:user::rwx
> default:user:bob:rwx
> default:user:alice:rwx
> default:user:nobody:r-x
> default:group::---
> default:mask::rwx
> default:other::---
>
> Unfortunately I have the same problem: guest can mount but not read
> share contents.
>>
>>> $ getfacl share
>>> # file: share
>>> # owner: root
>>> # group: root
>>> user::rwx
>>> user:bob:rwx
>>> user:alice:rwx
>>> user:nobody:rwx
>>> group::r-x
>>> mask::rwx
>>> other::---
>>> default:user::rwx
>>> default:user:bob:rwx
>>> default:user:alice:rwx
>>> default:user:nobody:rwx
>>> default:group::---
>>> default:mask::rwx
>>> default:other::---
>>>
>>>
>>> I have two issues with this setup that I could not solve after many
>>> hours:
>>
>> No, you have one big issue, you are not using the ACLs you have set,
>> well not with Samba anyway, you will need to add:
>>
>> vfs objects = acl_xattr
>> map acl inherit = Yes
>>
>> to [global] in smb.conf
>>
> Aaaaah wonderful! :-D
> Those parameters are not mentioned on "Setting up a Share Using POSIX
> ACLs" page in the wiki: can I add those or do you prefer to do it? (I
> am sure you explanations would be better than mine).
>
> Yvan
I will add something, it is mentioned in the wiki, just not on that page ;-)
Rowland
More information about the samba
mailing list