Mailing Lists: Apple Mailing Lists
ACLs not being properly honored in Samba on Leopard
I'm working with MOSXS 10.5.1 and configuring Samba for filesharing to my Windows users. It seems my Windows users can't write to the root level of the sharepoint, when they should -- by virtue of being in an ACL with full permission.

Let's say I map a drive using the account "its-testuser" on a WinXPSP2 box. When that user tries to create a folder, the folder is successfully created -- but the name can't be changed from the default "New Folder". Also, I can drop a file in the share, but I can't rename that, either, once it's dropped. Nor can I delete files or folders at root level, either. *However* once a subfolder has been created (via AFP, say) the daughter files and folders can be fully modifiable, and the ACLs seem to be properly enforced.

Alternatively, if I make the root of the sharepoint 777, everything works. But I can't have that, for pretty obvious reasons.

For example, here's the ls output of my sharepoint (wrapped for easier reading). It was configured via Server Admin.

bash-3.2# ls -lae@
drwxrwx---+ 8 root admin 272 Jan 27 16:44 ITS
 0: user:its-testuser allow list,add_file,search,delete,add_subdirectory,
        delete_child,readattr,writeattr,readextattr,writeextattr,
        readsecurity,writesecurity,chown,file_inherit,directory_inherit
 1: group:curators allow list,search,readattr,readextattr,
        readsecurity,file_inherit,directory_inherit



And here's what the Samba sharepoint looks like:

#VERSION 3
path=/Volumes/datastore/ITS
comment=ITS
usershare_acl=S-1-1-0:F
guest ok=no
oplocks=no
inherit permissions=no
directory mask=0771
strict locking=yes
create mask=0644


And if I look at the properties of the mapped drive in WinXP, I can see that its-testuser has full control.


My smb.conf has only the following additions:

[global]
        use spnego = no
        use kerberos keytab = no
        store dos attributes = yes
        map archive = no
        map hidden = no
        map system = no
        client NTLMv2 auth = yes


What's going on here?



Noah


------------------- Noah Abrahamson Stanford University


Macos-x-server mailing list      (email@hidden)