[Samba] cannot set filesystem permissions on shares

Rowland penny rpenny at samba.org
Thu Jul 4 09:03:19 UTC 2019 

On 04/07/2019 08:45, Pisch Tamás via samba wrote:
>>>> Run this : getfacl /home/users
>>> getfacl: Removing leading '/' from absolute path names
>>> # file: home/users
>>> # owner: root
>>> # group: A\\domain\040admins
>>> user::rwx
>>> user:root:rwx
>>> user:10512:rwx
>>> group::rwx
>>> group:A\\domain\040admins:rwx
>>> mask::rwx
>>> other::---
>>> default:user::rwx
>>> default:user:root:rwx
>>> default:group::rwx
>>> default:group:A\\domain\040admins:rwx
>>> default:mask::rwx
>>> default:other::---
>> Hmm, have you done something like running 'setfacl' on the directory ?
> No.
>
>> I ask this because, if you created the directory with:
>> mkdir /home/users
>> changed the ownership with:
>> chown root:'A\Domain Admins' /home/users
>> Changed the permissions with:
>> chmod 0770 /home/users
>> I would have expected 'getfacl' to return
>> getfacl: Removing leading '/' from absolute path names
>> # file: home/users
>> # owner: root
>> # group: A\134domain\040admins
>> user::rwx
>> group::rwx
>> other::---
>> Yours appears to have extra lines that would normally only be there if
>> ACL's  had been set from Windows or with 'setfacl'.
>> There is also this:
>> A\\domain\040admins
>> If you look at what I would expect, the second '\' is replaced by '134',
>> this is the ascii code for '\' (040 is the code for a space), so why is
>> yours different from every other getfacl output I have ever seen ?
> I did the followings today:
> setfacl -b users
> chmod 0770 users
> chown "root:A\domain users" users
> getfacl users
> # file: users
> # owner: root
> # group: A\\domain\040users
> user::rwx
> group::rwx
> other::---
> So, the use of \\ is "automatic", I don't know other way to set it.
> But, after the reset, I still cannot change the directory permissions
> from Windows.
>
It looks like you may have found a bug in the 'acl' package ;-)

Debian 9 (Stretch) uses acl 2.2.52-3+b1
Debian 10 (Buster) uses acl 2.2.53-4

I am still on Stretch and if I run a couple of tests, creating a couple 
of directories and changing ownership as you have done, I always get the 
same result, which is different from you.

mkdir testA
chmod 0770 testA
chown root:"A\domain users" testA

getfacl testA
# file: testA
# owner: root
# group: A\134domain\040users
user::rwx
group::rwx
other::---

mkdir testB
chmod 0770 testB
chown "root:A\domain users" testB

getfacl testB
# file: testB
# owner: root
# group: A\134domain\040users
user::rwx
group::rwx
other::---

I am now wondering if because getfacl is returning this for you:

group: A\\domain\040users

When I get:

group: A\134domain\040users

is the problem ?

Rowland

More information about the samba mailing list