On Friday 24 August 2007 08:49:34 Chuck Kollars wrote: > > From: Chuck Kollars <ckollars9 <at> yahoo.com> > > Subject: Samba & ACLs? > > Date: 2006-08-19 02:46:45 GMT > > > > How exactly do Samba 3.x and ACLs interrelate? ... > > I started out naively assuming that the *nix > > uidNumber/gidNumber Samba mapped the end user to > > would behave exactly the same whether they were a > > Samba user or were logged on locally. ... > > After a year I think I understand well enough to > answer my own question (of course I may be wrong > anyway:-): The overdefined term ACL may refer to > _either_ Windows file permissions (including the NT > variant) _or_ the Linux/Posix file permissions > extension. In the Samba context questions about "ACL"s > can be indeterminate and often elicit answers from the > other point of view. > > At root, Samba does everything in terms of the Windows > ACL, then maps the result as best it can to *nix > permissions. > > Samba offers a number of configuration options for > tweaking the way it handles Windows ACLs, including > some methods that have no exact analogue in the > Windows world. Samba lets you mash --within limits-- > the *nix permission bits it calculates. Recent > versions of Samba are pretty good --again within > limits-- at being compatible with Linux/Posix ACLs and > assigning a Linux/Posix ACL to every file and folder > when it's created. > > But despite all the possible tweaks, the unchanging > core is that Samba always calculates the initial *nix > permissions according to its mapping of permissions > from the Windows world. So even though most of a > Linux/Posix ACL may be retained and even honored, > Samba ignores the default:user::xxx and > default:group::xxx parts of a Linux/Posix ACL. > There's no way to configure Samba so it assigns > permissions to new files and folders _exactly_ the > same way a native Linux user would see them.
Hello Chuck, Thank you for your persistence and willingness to share your experience. Really interesting. I found an interesting thing too this morning. I'm using Samba LDAP. When I'm setting up a shared directory using ACL. [EMAIL PROTECTED] profiles]# getfacl profiles/userjauh1/ # file: userjauh1 # owner: userjauh1 # group: root user::rwx user:salesjauh1:rwx group::r-x mask::rwx other::r-x When client's XP logon as userjauh1 and share his directory to salesjauh1, it shows in Linux'es ACL. [EMAIL PROTECTED] profiles]# getfacl userjauh1/New\ Folder # file: New\040Folder # owner: userjauh1 # group: w2kfinance user::rwx user:salesjauh1:rwx group::r-x mask::rwx other::r-x default:user::rwx default:user:salesjauh1:rwx default:group::--- default:mask::rwx default:other::--- What do you think? -- Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial http://linux2.arinet.org 14:08:23 up 2:42, 2.6.20-16-generic GNU/Linux Let's use OpenOffice. http://www.openoffice.org
pgpNSGpdKmWxW.pgp
Description: PGP signature
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
