[Samba] Issues with acl_xattr module

Thu, 30 May 2013 10:21:16 -0700

Hi all, i'm new in this mailing list, i need some help with a problem i experience with my samba setup.
I set up a fileserver on top of debian 6 with samba-3.6.6 on an XFS filesystem partition. 


I tried to use vsf acl_xattr for better windows compatibility and it 
seems generally working good, but i experience some strange behavior: I 
added two acls with different restrictions one for a user and the other 
for a group the user is member of, it seems that the more restrictive 
permissions are evaluated.



To reproduce the problem i used a domain user that is member of group1 
and that group1 has read-wrire(modify) permissions on the file i want to 
write to. As soon as i apply another acl with read-only permission on 
the same file for the specified user, i can't write to file anymore.
The very strange thing is that as i try to apply a read only acl to 
group and a read write acl to user i can write the file normally.



I dont know if this is some sort of my misconfiguration or wrong 
filesystem permision on top of the share i tried many variations 
including enabling end disabling acl_xattr:ignore system acls option. 
but no change.



Filesystem is XFS and comes with extended attributes enabled. Follows 
the global smb.conf and the share definition.


Any help will be appreciated.

Mitja Tavcar

[global]
        workgroup = INTRA
        realm = INTRA.COMUNE.TRENTO.IT
        server string = File server applicazioni
        security = ADS
        log file = /var/log/samba/%m-%U.smbd
        load printers = No
        printcap name = /dev/null
        disable spoolss = Yes
        local master = No
        domain master = No
        registry shares = Yes
        template shell = /bin/bash
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        idmap config INTRA : range = 10000-99999
        idmap config INTRA : backend = rid
        idmap config * : range = 1000000-2000000
        idmap config * : backend = tdb
        hosts allow = 192.168.0.0/255.255.0.0, 10.2.0.0/255.255.0.0

[pippo$]
path = /smbmnt/disk_servizi/Servizi/pippo/
read only = no
browseable = No
store dos attributes = Yes
vfs objects = acl_xattr
acl_xattr:ignore system acls = Yes
ea support = Yes
inherit acls = Yes
guest ok = no
available = yes
inherit permissions = yes
map acl inherit = yes
acl map full control = no



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba














    











					Reply via email to