On Wed, May 15, 2002 at 11:22:41AM +0200, Michael Leun wrote:
> Hello,
>
> Sometimes I have to create and use Navision Databases on samba shares - this
> works with samba 2.0.x but does not with samba 2.2.x (tried 2.2.3a and 2.2.4).
>
> The following tests were done with a acl enabeled samba and an acl aware
> kernel/filesystem, but I also have done these tests with acl not compiled into
> samba on an host without acl in the kernel - same result, does not work, same
> error-messages on the w$ side.
>
> When I create the database the acls look like this:
>
> lara:/home/test # getfacl test.fdb
> # file: test.fdb
> # owner: test
> # group: test
> user::r-x
> group::r-x
> mask::rwx
> other::r-x
>
> lara:/var/log/samba # smbcacls //lara/test test.fdb -U test
> INFO: Debug class all level = 0 (pid 18689 from pid 18689)
> Password:
> REVISION:1
> OWNER:LARA\test
> GROUP:LARA\test
> ACL:LARA\test:ALLOWED/0/READ
> ACL:LARA\test:ALLOWED/0/READ
> ACL:everyone:ALLOWED/0/READ
>
> OK, this has created the database RO (or set the permissions to RO after
> creating). Of course I get an permission error if I restart navision.
>
> But when I create a database on an NTFS drive, the Permissions look like this:
>
> lara:/var/log/samba # smbcacls //mleun/c$ test.fdb -U ml
> INFO: Debug class all level = 0 (pid 18714 from pid 18714)
> Password:
> REVISION:1
> OWNER:VORDEFINIERT\Administratoren
> GROUP:MLEUN\Kein
> ACL:everyone:ALLOWED/0/FULL
>
> Did the same thing (except the Path for the database, of course) but get really
> different acls.
>
> OK, lets set the acls on the database-file and try to open...:
>
> lara:/home/test # setfacl -m u::rwx test.fdb
> lara:/home/test # setfacl -m g::rwx test.fdb
> lara:/home/test # setfacl -m o::rwx test.fdb
> lara:/home/test # getfacl test.fdb
> # file: test.fdb
> # owner: test
> # group: test
> user::rwx
> group::rwx
> mask::rwx
> other::rwx
>
> lara:/var/log/samba # smbcacls //lara/test test.fdb -U test
> INFO: Debug class all level = 0 (pid 18730 from pid 18730)
> Password:
> REVISION:1
> OWNER:LARA\test
> GROUP:LARA\test
> ACL:LARA\test:ALLOWED/0/FULL
> ACL:LARA\test:ALLOWED/0/FULL
> ACL:everyone:ALLOWED/0/FULL
>
> Opening the database fails - access denied.
>
> Now the acls look like this:
>
> lara:/home/test # getfacl test.fdb
> # file: test.fdb
> # owner: test
> # group: test
> user::r--
> group::---
> mask::rwx
> other::rwx
>
> lara:/var/log/samba # smbcacls //lara/test test.fdb -U test
> INFO: Debug class all level = 0 (pid 18735 from pid 18735)
> Password:
> REVISION:1
> OWNER:LARA\test
> GROUP:LARA\test
> ACL:LARA\test:ALLOWED/0/O
> ACL:LARA\test:ALLOWED/0/R
> ACL:everyone:ALLOWED/0/FULL
>
>
> If i change owner/group to root.root and make the file o+rwx the access also
> fails - maybe because the attempt to change the acls fails.
>
> Any ideas?
>
> If I should provide logfiles/debugoutput - no problem, please tell me, what
> loglevel/options i should use to produce meaningful results.
>
> Please CC me, I'm not subscribed.
Can you either send me a copy of the database application so I
can try this myself (preferred), or send me a debug level 10 log
from the smbd so I can see how the ACL requests are being interpreted.
Please do this asap as I'd like to ensure this is fixed for 2.2.5.
Thanks,
Jeremy.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
