[Samba] ACLs woes after upgrade from 3.6 to 4.9.5

Emmanuel Florac eflorac at intellique.com
Fri Feb 26 14:27:20 UTC 2021


Hi all,

I've upgraded a Debian server that was still running 3.6.20 to the
current Debian stable with samba 4.9.5. The smb.conf file hasn't been
changed and has many weird entries, but the big problem is that ACLs
behaviour completely changed.

Typically, when copying/moving files, they get entirely different
rights than the source. On-disk ACLs haven't been changed, so I suppose
that's the Samba default that have. I don't want to try randomly
enabling / disabling posix acls / inherit acls settings...


Here's the smb.conf:

[global]
        block size = 4096
        directory mask = 0775
        disable spoolss = yes 
        dns proxy = no
        domain master = no
        encrypt passwords = true
        guest account = nobody
        idmap gid = 10000-20000
        idmap uid = 10000-20000
        invalid users = root
        load printers = no
        local master = no
        max log size = 1000
        name resolve order = wins lmhosts host bcast
        nt acl support = yes
        obey pam restrictions = yes
        os level = 20
        panic action = /usr/share/samba/panic-action %d
        passdb backend = tdbsam
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n . passwd program = /usr/bin/passwd
%u preferred master = no
        preserve case = yes
        printcap name = /dev/null 
        printing = bsd
        security = user
        server string = %h server (Samba %v)
        short preserve case = yes
        syslog = 0;
        syslog only = no
        template shell = /bin/false
        unix password sync = yes
        winbind cache time = 10
        winbind enum groups = yes
        winbind enum users = yes
        winbind separator = +
        wins server = 127.0.0.1
        wins support = no
        workgroup = WORKGROUP
        usershare max shares = 0

[Masters]
        writeable = yes
        path = /mnt/raid/Masters


(there are other shares, but exact same settings). The directory mask
setting have been added to try to change the behaviour, to no avail.

Cheers,
-- 
------------------------------------------------------------------------
Emmanuel Florac     |   Direction technique
                    |   Intellique
                    |	<eflorac at intellique.com>
                    |   +33 1 78 94 84 02
------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 163 bytes
Desc: Signature digitale OpenPGP
URL: <http://lists.samba.org/pipermail/samba/attachments/20210226/34e65209/attachment.sig>


More information about the samba mailing list