[Samba] Standalone server and POSIX ACL issues (new one)

Yvan Masson yvan at masson-informatique.fr
Sat Aug 10 13:19:31 UTC 2019

On 09/08/2019 at 22:34, Yvan Masson via samba wrote:
> On 09/08/2019 at 21:36, Rowland penny via samba wrote:
>> On 09/08/2019 20:18, Yvan Masson via samba wrote:
>>> Hi list,
>>> For testing purposes, I am running a standalone Samba 4.9.5 on Debian 
>>> with the following smb.conf:
>>> [global]
>>> server role = standalone server
>>> map to guest = Bad User
>>> guest account = nobody
>> That is the standard guest account
>>> [test]
>>> path = /home/yvan/Partage/share
>>> guest ok = yes
>>> writable = yes
>>> inherit acls = yes
>>> I want "bob", "alice" and guest user to have full access to all files 
>>> in this share, so I made /home/yvan/share with the following ACL:
>> No, you don't, all right you do, but you shouldn't ;-)
>>   Either use authentication for the share, or allow guest access, not 
>> both.
> Yes I admit this test setup is not very realistic. A valid setup would 
> be read/write for authenticated users and read only for guests:
> # file: test
> # owner: root
> # group: root
> user::rwx
> user:bob:rwx
> user:alice:rwx
> user:nobody:r-x
> group::r-x
> mask::rwx
> other::---
> default:user::rwx
> default:user:bob:rwx
> default:user:alice:rwx
> default:user:nobody:r-x
> default:group::---
> default:mask::rwx
> default:other::---
> Unfortunately I have the same problem: guest can mount but not read 
> share contents.

So to sum up, setting ACL for the guest user is not enough for Samba, 
while it works for other users. It does not depend on which Unix user is 
used as guest.

I just found a very strange workaround: the right needs to be given to 
the primary group and not the user. For example, if my guest user is 
"nobody", then I would give rights to group "nogroup". I also tested 
using alice as my guest user, and giving rights to group "alice" (not the 
user) works.

Any idea? Should I report an issue?
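
To separate what the filesystem ACL itself grants from what Samba does with it, the following added example (not part of the original post, and not Samba code) evaluates the access ACL from the listing above using the access check order documented in acl(5). Owner and owning group `root` come from the listing, `nogroup` as the group of `nobody` comes from the workaround description, and the function names are hypothetical.

```python
# Constructed input: the access ACL entries from the getfacl listing in the post.
ACL_TEXT = """\
user::rwx
user:bob:rwx
user:alice:rwx
user:nobody:r-x
group::r-x
mask::rwx
other::---
"""
# The workaround from the post: grant the guest's primary group instead of the user.
WORKAROUND_ACL = ACL_TEXT.replace("user:nobody:r-x", "group:nogroup:r-x")

def parse_acl(text):
    """Parse getfacl access entries into (tag, qualifier, perms) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop "# file:" and "#effective:" comments
        if not line or line.startswith("default:"):
            continue                              # default entries only affect new files
        tag, qualifier, perms = line.split(":")
        entries.append((tag, qualifier, set(perms.replace("-", ""))))
    return entries

def access_allowed(entries, owner, owning_group, user, groups, want):
    """Apply the acl(5) order: owner, named user, group class, then other."""
    want = set(want)
    mask = next((p for t, q, p in entries if t == "mask"), set("rwx"))
    if user == owner:
        return want <= next(p for t, q, p in entries if t == "user" and not q)
    for t, q, p in entries:
        if t == "user" and q == user:
            return want <= (p & mask)             # named user entry decides; groups are skipped
    matched = [p & mask for t, q, p in entries
               if t == "group" and (q or owning_group) in groups]
    if matched:
        return any(want <= p for p in matched)    # one matching group entry must cover the request
    return want <= next(p for t, q, p in entries if t == "other")

if __name__ == "__main__":
    for name, text in (("user entry", ACL_TEXT), ("group entry", WORKAROUND_ACL)):
        ok = access_allowed(parse_acl(text), "root", "root", "nobody", ["nogroup"], "rx")
        print(f"{name}: nobody may read/traverse = {ok}")
```

If a local check as the guest account agrees with this result while access through the share does not, the difference lies in how the server evaluates the request rather than in the ACL.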

