[Samba] cannot set filesystem permissions on shares

Pisch Tamás pischta at gmail.com
Thu Jul 4 09:22:25 UTC 2019 

> >>>> Run this : getfacl /home/users
> >>> getfacl: Removing leading '/' from absolute path names
> >>> # file: home/users
> >>> # owner: root
> >>> # group: A\\domain\040admins
> >>> user::rwx
> >>> user:root:rwx
> >>> user:10512:rwx
> >>> group::rwx
> >>> group:A\\domain\040admins:rwx
> >>> mask::rwx
> >>> other::---
> >>> default:user::rwx
> >>> default:user:root:rwx
> >>> default:group::rwx
> >>> default:group:A\\domain\040admins:rwx
> >>> default:mask::rwx
> >>> default:other::---
> >> Hmm, have you done something like running 'setfacl' on the directory ?
> > No.
> >
> >> I ask this because, if you created the directory with:
> >> mkdir /home/users
> >> changed the ownership with:
> >> chown root:'A\Domain Admins' /home/users
> >> Changed the permissions with:
> >> chmod 0770 /home/users
> >> I would have expected 'getfacl' to return
> >> getfacl: Removing leading '/' from absolute path names
> >> # file: home/users
> >> # owner: root
> >> # group: A\134domain\040admins
> >> user::rwx
> >> group::rwx
> >> other::---
> >> Yours appears to have extra lines that would normally only be there if
> >> ACL's  had been set from Windows or with 'setfacl'.
> >> There is also this:
> >> A\\domain\040admins
> >> If you look at what I would expect, the second '\' is replaced by '134',
> >> this is the ascii code for '\' (040 is the code for a space), so why is
> >> yours different from every other getfacl output I have ever seen ?
> > I did the followings today:
> > setfacl -b users
> > chmod 0770 users
> > chown "root:A\domain users" users
> > getfacl users
> > # file: users
> > # owner: root
> > # group: A\\domain\040users
> > user::rwx
> > group::rwx
> > other::---
> > So, the use of \\ is "automatic", I don't know other way to set it.
> > But, after the reset, I still cannot change the directory permissions
> > from Windows.
> >
> It looks like you may have found a bug in the 'acl' package ;-)
> Debian 9 (Stretch) uses acl 2.2.52-3+b1
> Debian 10 (Buster) uses acl 2.2.53-4
> I am still on Stretch and if I run a couple of tests, creating a couple
> of directories and changing ownership as you have done, I always get the
> same result, which is different from you.
> mkdir testA
> chmod 0770 testA
> chown root:"A\domain users" testA
> getfacl testA
> # file: testA
> # owner: root
> # group: A\134domain\040users
> user::rwx
> group::rwx
> other::---
> mkdir testB
> chmod 0770 testB
> chown "root:A\domain users" testB
> getfacl testB
> # file: testB
> # owner: root
> # group: A\134domain\040users
> user::rwx
> group::rwx
> other::---
> I am now wondering if because getfacl is returning this for you:
> group: A\\domain\040users
> When I get:
> group: A\134domain\040users
> is the problem ?
ls -l
...
drwxrwx---   2 root A\domain users  4096 jún   26 15:52 users
What do you see with ls?
Maybe it is good on the filesystem, just the acl package shows it
incorreclty? Does Samba use acl too, and this is why I cannot see/set
the permissions from Windows?

More information about the samba mailing list