[Samba] cannot set filesystem permissions on shares
Rowland penny
rpenny at samba.org
Thu Jul 4 09:03:19 UTC 2019
On 04/07/2019 08:45, Pisch Tamás via samba wrote:
>>>> Run this : getfacl /home/users
>>> getfacl: Removing leading '/' from absolute path names
>>> # file: home/users
>>> # owner: root
>>> # group: A\\domain\040admins
>>> user::rwx
>>> user:root:rwx
>>> user:10512:rwx
>>> group::rwx
>>> group:A\\domain\040admins:rwx
>>> mask::rwx
>>> other::---
>>> default:user::rwx
>>> default:user:root:rwx
>>> default:group::rwx
>>> default:group:A\\domain\040admins:rwx
>>> default:mask::rwx
>>> default:other::---
>> Hmm, have you done something like running 'setfacl' on the directory ?
> No.
>
>> I ask this because, if you created the directory with:
>> mkdir /home/users
>> changed the ownership with:
>> chown root:'A\Domain Admins' /home/users
>> Changed the permissions with:
>> chmod 0770 /home/users
>> I would have expected 'getfacl' to return
>> getfacl: Removing leading '/' from absolute path names
>> # file: home/users
>> # owner: root
>> # group: A\134domain\040admins
>> user::rwx
>> group::rwx
>> other::---
>> Yours appears to have extra lines that would normally only be there if
>> ACL's had been set from Windows or with 'setfacl'.
>> There is also this:
>> A\\domain\040admins
>> If you look at what I would expect, the second '\' is replaced by '134',
>> this is the ascii code for '\' (040 is the code for a space), so why is
>> yours different from every other getfacl output I have ever seen ?
> I did the followings today:
> setfacl -b users
> chmod 0770 users
> chown "root:A\domain users" users
> getfacl users
> # file: users
> # owner: root
> # group: A\\domain\040users
> user::rwx
> group::rwx
> other::---
> So, the use of \\ is "automatic", I don't know other way to set it.
> But, after the reset, I still cannot change the directory permissions
> from Windows.
>
It looks like you may have found a bug in the 'acl' package ;-)
Debian 9 (Stretch) uses acl 2.2.52-3+b1
Debian 10 (Buster) uses acl 2.2.53-4
I am still on Stretch and if I run a couple of tests, creating a couple
of directories and changing ownership as you have done, I always get the
same result, which is different from you.
mkdir testA
chmod 0770 testA
chown root:"A\domain users" testA
getfacl testA
# file: testA
# owner: root
# group: A\134domain\040users
user::rwx
group::rwx
other::---
mkdir testB
chmod 0770 testB
chown "root:A\domain users" testB
getfacl testB
# file: testB
# owner: root
# group: A\134domain\040users
user::rwx
group::rwx
other::---
I am now wondering if because getfacl is returning this for you:
group: A\\domain\040users
When I get:
group: A\134domain\040users
is the problem ?
Rowland
More information about the samba
mailing list