----- Original Message ----- > From: "steve" <[email protected]> > To: [email protected] > Sent: Wednesday, February 27, 2013 2:34:20 AM > Subject: [Samba] Fwd: Re: CIFS Mount Obeying ACLs > > Sorry Andrew, I forgot to send to the list. > > > -------- Original Message -------- > Subject: Re: [Samba] CIFS Mount Obeying ACLs > Date: Wed, 27 Feb 2013 09:32:48 +0100 > From: steve <[email protected]> > To: Andrew Martin <[email protected]> > > > > On 27/02/13 01:03, Andrew Martin wrote: > > Hello, > > > > I have configured a Samba 3 fileserver (on Ubuntu 12.04) joined to > > a Samba 4.0.3 (AD) domain. I have configured a number of ACLs for > > restricting access to directories on the share, which works well > > when accessing the share from Windows. However, mounting the share > > from another Linux machine (Ubuntu 12.04) using CIFS does not > > appear to obey the ACLs (e.g. a user can access files that they > > should not have permission to access). Checking the kernel, I can > > see that CONFIG_CIFS_POSIX, CONFIG_CIFS_ACL and CONFIG_CIFS_XATTR > > are enabled: > > CONFIG_CIFS=m > > CONFIG_CIFS_STATS=y > > # CONFIG_CIFS_STATS2 is not set > > CONFIG_CIFS_WEAK_PW_HASH=y > > CONFIG_CIFS_UPCALL=y > > CONFIG_CIFS_XATTR=y > > CONFIG_CIFS_POSIX=y > > # CONFIG_CIFS_DEBUG2 is not set > > CONFIG_CIFS_DFS_UPCALL=y > > CONFIG_CIFS_FSCACHE=y > > CONFIG_CIFS_ACL=y > > > > Any ideas on why the CIFS mount will not obey the ACLs? > > > > Thanks, > > > > Andrew > Hi Andrew, hi everyone > 4.0.4 git DC and file server > > I'm tearing my hair out on this one too. No matter what I set in > smb.conf or using setfacl on the Linux client, any file created on a > cifs mount is _always_ created 0777. > > I see that the default in smb.conf is: > create mode = 0777 > but even overriding this with: > create mode = 0644 > either in [global] or in a separate share, > still produces files with 0777 permissions no matter what. > > I really would like to solve this one. Several threads here, on > samba-technical and on my distro list have so far drawn a blank. > Cheers, > Steve > Steve,
My problem is a bit different. I have restricted access on a folder to all but a single domain group: $ getfacl testdir # file: testdir # owner: 516 # group: users user::rwx user:9872:rwx group::rwx group:group1:r-- group:group2:rwx mask::rwx other::--- Thus, members of group2 should have rwx access to testdir, which they do when connecting to the share from Windows, but not when mounting it over CIFS. The CIFS client machine is running Ubuntu 12.04. I have tried this on Linux clients that are domain members (via winbind) and those which are not and are just mounting the CIFS share. The behavior in both cases is the same. Can anyone provide inside into why ACLs are not being obeyed over CIFS on Linux? Thanks, Andrew > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
