[Samba] POSIX ACLs are not inherited after upgrade - behaviour changed?
Henry Jensen
hjensen at mailbox.org
Mon Jul 4 16:02:31 UTC 2022
Am Mon, 04 Jul 2022 16:17:55 +0100
schrieb Rowland Penny via samba <samba at lists.samba.org>:
> On Mon, 2022-07-04 at 16:52 +0200, Henry Jensen via samba wrote:
> > I have several Samba servers running as (Samba) AD Domain members on
> > Devuan Ascii (= Debian 9) with Samba 4.5.x, using Posix ACLs
>
> The question has to be, why are you still running such an old distro ?
> No, I am not Devuan bashing, I am running Beowulf at the moment.
Because Devuan Ascii was still supported until last week. Maybe I should have
upgraded a long time ago, but that wouldn't have eliminate the problem, it
would have just appeared earlier.
> While you have posted portions of your smb.conf, they are not much use
> without the '[global]' portion.
OK, here is the complete thing
[global]
workgroup = MYDOM
security = ADS
realm = MYDOM.LAN
# Default idmap config for local BUILTIN accounts and groups
idmap config *:backend = tdb
idmap config *:range = 80001-90000
# idmap config for the MYDOM domain
idmap config MYDOM:backend = ad
idmap config MYDOM:schema_mode = rfc2307
idmap config MYDOM:range = 500-80000
# >Samba 4.6.0
idmap config MYDOM:unix_nss_info = yes
# < Samba 4.6.0
# winbind nss info = rfc2307
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
username map = /etc/samba/user.map
log level = 3 passdb:3 auth:3
Dos charset = 850
unix charset = UTF-8
vfs objects = recycle
recycle: repository = .Papierkorb/%U
recycle:directory_mode = 0777
recycle:subdir_mode = 0770
recycle: keeptree = Yes
recycle: exclude = *.tmp, *.temp, *.log, *.ldb
recycle: exclude_dir = tmp
recycle:versions = Yes
[myshare]
path = /data/myshare
public = no
writeable = yes
hide unreadable = yes
create mask = 1660
directory mask = 1770
inherit owner = yes
inherit permissions = yes
inherit acls = yes
acl group control = yes
Now back to the question: ACL's were inherited in Samba <= 4.5.x without
default ACLs, in Samba 4.9.x they aren't. Was this change in behaviour
intended (and which item in the release notes did I miss)?
Regards,
Henry
More information about the samba
mailing list