Is there any solution / Work around to make this work in current samba releases, can one expect this to be resolved some time?
Felix Am 2011-05-22 01:24, schrieb TAKAHASHI Motonobu:
From: Felix Joussein<[email protected]> Date: Mon, 16 May 2011 13:42:44 +0200I've observed the following missbehaivoure, while playing around with nc acl's. (see relevant configuration below): Working with Windows XP: Open acl enabled share Set default share permissions by right click on the explorer's top left clip control -> properties. Under security I remove the CREATOR-OWNER and CREATORUSER Group, as I already know, that these two default groups cause trouble while saving acl's and result in a Windows Error Message "Invalid Parameter". Also I set some default security settings for users and groups accordingly to my needs and I apply it to This Folder, and any sub folder or file. After applying to all new settings, I create a folder. As expected my default share security settings have been inherited to the new folder. I add an additional user to the acl and take care, that the inheritance is also "Folder, sub folder and file". I create a new sub folder to this one and check the acl. Here is the unwanted behavior: The new sub folder got user permissions from it's parent folder, but unlike the default share permissions which have been inherited, the additional user's permissions have not been inherited but have been copied. When I set the option "Inherit permissions to sub elements as far as applicable", and apply, then a new acl entry is created with the same user but this time inherited. Now I can delete the copied settings, and apply to everything. I hope, these explanations where clear enough. Here now the configuration: Version: 3.5.8~dfsg-1ubuntu2.1 smb.conf: [acl] comment = ACL Labor path = /home/acllabor vfs objects = acl_xattr read only = no browsable = yes valid users = me,you acl map full control = false inherit acls = yes map acl inherit = yes map read only = Permissions map archive = no map hidden = no map system = no nt acl support = yes acl group control = true dos filemode = yes enable privileges = yes store dos attributes = yes mount options: /dev/mapper/system-user on /home type ext4 (rw,errors=remount-ro,acl,user_xattr,)AFAIK, "map acl inherit = yes" does not work well: https://bugzilla.samba.org/show_bug.cgi?id=6841 Also acl_xattr will not work as you expected, because even if you enable acl_xattr, POSIX ACL semantics is still used in actual access control and inheriting ACLs. P.S. "map read only" parameter is always ignored when "store dos attributes = yes". --- TAKAHASHI Motonobu<[email protected]>
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
