Sylvain, if I understand your problem correctly, you are getting problems with a Windows "feature".
IIRC what happens is that when you copy a directory Windows also changes the ACLs to match that on its own filesystem (if it recognizes that the user belongs to the domain).

I don't think this is a samba problem.

Simo.

On Wed, 2006-07-12 at 17:12 +0200, [EMAIL PROTECTED] wrote:
> Hi,
>
> I sent an email on the mailing list of bestbits
> (http://acl.bestbits.at/pipermail/acl-devel/2006-July/001980.html)
> because if nobody answers on this mailing list, it's probably directly
> linked to ACLs?
> But I really don't know if the problem is only with bestbits or only
> with samba because I can reproduce the bug only in samba, not in
> console. So this bug seems to be linked to samba?
>
> Am I the only one who would like to use ACLs? Is there any other
> solution to have fine grained access rules which works with samba?
> (like trustees)
> because if default ACLs don't work, I think using ACLs makes no sense.
>
> For the time being - hoping this bug will be fixed sometime - I use a dirty
> script run by cron which checks & fixes ACLs.
> I know it's dirty... but do I have any other choice?
>
> I give up with this mystery. I'm too tired.
>
> [EMAIL PROTECTED] wrote:
> > Hi,
> >
> > I use samba 3.0.22 as PDC on Debian with workstations under Windows XP
> > SP1 and SP2.
> > I use ACLs to have fine grained access rules.
> >
> > When I copy a directory from a client to a samba share, default ACLs
> > are forgiven.
> > Example: after I copy the directory A on the samba share:
> > getfacl A/
> > # file: A/
> > # owner: user1
> > # group: sambausers
> > user::rwx
> > group::---
> > other::---
> > default:user::rwx
> > default:group::---
> > default:other::---
> >
> > But the parent directory has default ACLs, I can prove it:
> > getfacl .
> > # file: .
> > # owner: user1
> > # group: sambausers
> > user::rwx
> > user:root:rwx
> > user:bacula:r-x
> > group::---
> > group:sambaguests:rwx
> > group:User_Standard:rwx
> > group:User_Lead:rwx
> > mask::rwx
> > other::---
> > default:user::rwx
> > default:user:root:rwx
> > default:user:bacula:r-x
> > default:group::---
> > default:group:sambaguests:rwx
> > default:group:User_Standard:rwx
> > default:group:User_Lead:rwx
> > default:mask::rwx
> > default:other::---
> >
> > Is it a bug? Because default ACLs are applied if I copy files. So why
> > different behavior between directory and files?
> > I noticed that it happened only to local directories which belong to
> > MYDOMAIN\user. If the owner of the local directory is
> > LOCALCOMPUTER\user the default ACLs are applied correctly. But once
> > again, it concerns only directories. When the file belongs to
> > MYDOMAIN\user ACLs are applied correctly.
> >
> > All I want is that default ACLs are applied all the time whatever
> > the owner of the local directory.
> >
> > I tried to play with "directory security mask", "force directory
> > security mode", inherit permissions without success.
> > Thank you for your help, I really don't know what to do.
> >
> > My smb.conf looks like that:
> >
> > # -----------------------------------------------------------------------------
> > # Global parameters
> > # -----------------------------------------------------------------------------
> >
> > [global]
> >     dos charset = 850
> >     unix charset = ISO8859-1
> >     workgroup = elb-lyon
> >     netbios name = server02
> >     server string = server02.elb-lyon
> >     os level = 65
> >     domain logons = Yes
> >     domain master = Yes
> >     local master = Yes
> >     preferred master = Yes
> >     wins support = Yes
> >
> >     obey pam restrictions = Yes
> >     passdb backend = tdbsam, guest
> >     passwd program = /usr/bin/passwd %u
> >     passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
> >     passwd chat debug = Yes
> >     pam password change = Yes
> >     unix password sync = Yes
> >
> >     syslog = 0
> >     log level = 2
> >     # log level max = 10
> >     log file = /var/log/samba/log.%m
> >     max log size = 25600
> >     dns proxy = No
> >     panic action = /usr/share/samba/panic-action %d
> >     invalid users = root2
> >
> >     # default Samba user parameters
> >     logon drive = P:
> >     logon home = \\server02\%U
> >     logon path = \\server02\profiles\%U
> >     logon script = %U.cmd
> >
> >     # automatic POSIX account management :)
> >     # POSIX account management
> >     add machine script = /usr/sbin/useradd -g sambamachines -c Machine -d /dev/null -s /bin/false '%u'
> >     add user script = /usr/sbin/useradd -g sambausers -c Utilisateur -d /dev/null -s /bin/false '%u'
> >     add group script = /usr/sbin/groupadd '%g'
> >     add user to group script = /usr/bin/gpasswd -a '%u' '%g'
> >     delete user script = /usr/sbin/userdel -r '%u'
> >     delete group script = /usr/sbin/groupdel '%g'
> >     delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
> >     set primary group script = /usr/sbin/usermod -g '%g' '%u'
> >
> >     veto files = /lost+found/ .recycle/ aquota.user/ aquota.group/
> >
> >     guest account = guest
> >
> >     hosts allow = 192.168.0. 127.
> >
> > # -----------------------------------------------------------------------------
> > # Required for the domain
> > # -----------------------------------------------------------------------------
> >
> > [homes]
> >     path = /mnt/SAN01/vd3_home2/home2/%u
> >     comment = Home Directories
> >     valid users = %S
> >     guest ok = No
> >     writable = Yes
> >     create mask = 0700
> >     directory mask = 0700
> >     browseable = No
> >
> > [netlogon]
> >     path = /mnt/SAN01/vd3_home2/netlogon
> >     comment = Partage NetLogon
> >     valid users = @sambausers @sambaguests root
> >     guest ok = No
> >     read only = Yes
> >     browseable = No
> >
> > [profiles]
> >     path = /mnt/SAN01/vd3_home2/profiles
> >     comment = Profils utilisateurs
> >     valid users = @sambausers @sambaguests root
> >     guest ok = No
> >     writable = Yes
> >     create mode = 0700
> >     browseable = No
> >
> > # -----------------------------------------------------------------------------
> > # Shares
> > # -----------------------------------------------------------------------------
> >
> > [vd1_echange]
> >     comment = Zone d'echange.
> >     path = /mnt/SAN01/vd1_echange
> >     valid users = root @sambaadmins @sambaguests @User_Standard
> >     guest ok = No
> >     writable = Yes
> >     create mask = 0770
> >     directory mask = 0770
> >     browseable = yes
> >     # inherit permissions = yes
> >     inherit acls = yes
> >     hide unreadable = Yes
> >     # directory security mask = 0000
> >     # force directory security mode = 0777
> >
>
> --
> Sylvain DAVID / network administrator
>
> adr : Etranges Libellules
>   .~.     17 Rue des Archers
>   /v\     69002 LYON
>  /(°)\    tel : 04 72 40 24 72
>  ^^-^^    fax : 04 72 40 27 19
>
> www.etranges-libellules.fr
> --
>
--
Simo Sorce
Samba Team GPL Compliance Officer
email: [EMAIL PROTECTED]
http://samba.org
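
The comparison that the two getfacl listings in this thread invite, as an added example (not code from the thread or from the Samba project): since a new subdirectory normally inherits its parent's default ACL as its own default ACL, the script parses getfacl text, lists the entries the subdirectory lacks, and builds the setfacl call that would add them. The function names are hypothetical, and the sample entries are copied from the listings above with the "# file:" headers dropped.

```python
import shlex

# Entries copied from the two getfacl listings in the thread ("# file:" headers
# dropped); spaces are turned back into the one-entry-per-line getfacl layout.
PARENT = """user::rwx user:root:rwx user:bacula:r-x group::--- group:sambaguests:rwx
group:User_Standard:rwx group:User_Lead:rwx mask::rwx other::--- default:user::rwx
default:user:root:rwx default:user:bacula:r-x default:group::---
default:group:sambaguests:rwx default:group:User_Standard:rwx
default:group:User_Lead:rwx default:mask::rwx default:other::---""".replace(" ", "\n")
CHILD = """user::rwx group::--- other::---
default:user::rwx default:group::--- default:other::---""".replace(" ", "\n")


def parse_getfacl(text):
    """Return (access, default) dicts mapping 'tag:qualifier' to permissions."""
    access, default = {}, {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop headers and "#effective:" notes
        if not line:
            continue
        target = access
        if line.startswith("default:"):
            target, line = default, line[len("default:"):]
        tag, qualifier, perms = line.split(":")
        target[f"{tag}:{qualifier}"] = perms
    return access, default


def inheritance_gaps(parent_text, child_text):
    """List ACL entries a subdirectory lacks relative to its parent's default ACL."""
    _, parent_default = parse_getfacl(parent_text)
    child_access, child_default = parse_getfacl(child_text)
    gaps = []
    for key, perms in parent_default.items():
        if child_default.get(key) != perms:
            gaps.append(f"default:{key}:{perms}")
        # Named users/groups should also appear in the access ACL.
        # Only presence is checked here, not the permission bits.
        if not key.endswith(":") and key not in child_access:
            gaps.append(f"{key}:{perms}")
    return gaps


def fix_command(path, gaps):
    """Build (not run) the setfacl call that adds the missing entries."""
    return f"setfacl -m {','.join(gaps)} {shlex.quote(path)}" if gaps else ""


if __name__ == "__main__":
    print(fix_command("A/", inheritance_gaps(PARENT, CHILD)))
```

Run against real directories by feeding it the output of `getfacl` for the parent and for each subdirectory; an empty result means the subdirectory carries everything the parent's default ACL would have given it.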
