Dear Guys,
I have noticed that one of our domain users folder in
/var/lib/samba/profiles has a '+' on the end of their username folder
and all the files in their profile too.
I know this is to do with ACL's and I know Samba can translate Windows
ACL's to filesystem acls, but where can I find out where/how they are
getting created and remove them.
They should be know different then anyone else.
Although, all the users are setup as Admins on their own computer, but
noone else seems to be picking up or have a '+' sign on a 'ls -l'
I can only speak for what the commands to handle ACL's are for Solaris;
getfacl (to see what the current settings on a file or directory are, and
setfacl (to set ACL settings).
If those aren't the same commands used on your Samba server's OS to handle
ACL settings, try using apropos acl to see a list of man pages regarding
acl's.
Anyway, I recently found myself wanting to remove ACL settings acquired
from granting permissions through windows myself. I found that I had to
use setfacl to replace the ACL entries and reset them to standard type
entries in order to lose the + sign (signifying that there are additional
ACL entries on a file).
Setting the permissions on a file or directory with chmod alone is not
enough to clear the ACLs.
Example: I have a file that has ACL's set:
% ls -l acl_test
-rw-r--r--+ 1 user1usergroup 0 Jul 28 08:31 acl_test
% getfacl acl_test
# file: acl_test
# owner: user1
# group: DGROUP
user::rw-
user:user2:rwx#effective:rwx
group::r-- #effective:r--
mask:rwx
other:r--
( In the example above, the ACL's shown grant user2 full access to the
file, even though user2 is not the owner.
Clearing the permissions from the file does not (completely) remove the ACL
setting.
% chmod 000 acl_test
% ls -l acl_test
--+ 1 user1usergroup 0 Jul 28 08:31 acl_test
To get rid of the + sign altogether, use setfacl with the -s option to
reset the permission:
% setfacl -s u::rw-,g::r--,o:r-- acl_test
% ls -l acl_test
-rw-r--r-- 1 user1usergroup 0 Jul 28 08:31 acl_test
As you can see, the ACL's have been replaced by default entries (as if
chmod was the only thing that ever touched it).
Hope that helps.
Regards,
Arnold Andrews
Sr. Systems Administrator
Seagate Technology
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
