[Samba] permission denied with windows acls

Rowland Penny rpenny at samba.org
Mon Jan 29 21:08:26 UTC 2024


On Mon, 29 Jan 2024 12:51:37 -0800
Peter Carlson via samba <samba at lists.samba.org> wrote:


> 
> Just did a quick test, the big T comes after setting permissions in
> windows
> 
> root at fs1:/var/log# cd /data
> root at fs1:/data# mkdir -m 1777 test2

No it doesn't, you are setting it.

I set the permissions on the share directory like this:

mkdir -p /srv/mtest1
chown root:"Domain Admins" /srv/mtest1
chmod 0770 /srv/mtest1

Which is what it shows here:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

> root at fs1:/data# chown root:"CARLSON\\domain admins" test2
> root at fs1:/data# vi /etc/samba/smb.conf
> root at fs1:/data# systemctl restart smbd.service
> root at fs1:/data# ls -ald /data/*
> drwxrwx--T+ 4 root CARLSON\domain admins 4096 Jan 26 16:13 /data/test
> drwxrwxrwt  2 root CARLSON\domain admins 4096 Jan 29 20:43 /data/test2

No, I take it back (slightly), you set the permissions with 't' (which
shows the sticky bit is set) and then when you change the permissions
from Windows, acl_xattr removes the 'rwx' from 'others', this changes
the 't' to a 'T'

At least that is what I think is happening.

The cure, stop setting the permissions to '1777' in the first place,
use '0770'

Rowland



More information about the samba mailing list