Thread-topic: ACLs not being properly honored in Samba on Leopard
On 1/30/08 1:36 PM, "James Peach" <email@hidden> wrote:
> On Jan 30, 2008, at 9:42 AM, James Peach wrote:
>
>> On Jan 28, 2008, at 10:38 AM, Noah Abrahamson wrote:
>>
>>> On Jan 28, 2008, at 9:32 AM, James Peach wrote:
>>>
>>>> On Jan 27, 2008, at 5:10 PM, Noah Abrahamson wrote:
>>>>
>>>>> I'm working with MOSXS 10.5.1 and configuring Samba for
>>>>> filesharing to my Windows users. It seems my Windows users can't
>>>>> write to the root level of the sharepoint, when they should -- by
>>>>> virtue of being in an ACL with full permission.
>>>>>
>>>>> Let's say I map a drive using the account "its-testuser" on a
>>>>> WinXPSP2 box. When that user tries to create a folder, the folder
>>>>> is successfully created -- but the name can't be change from the
>>>>> default "New Folder".
>>>>
>
> [snip]
>
>> I don't see any system calls that would indicate a rename. This
>> might imply that Samba is denying the rename, rather than the system
>> denying the rename. I'll see whether I can reproduce and get back to
>> you.
>
>
> The workaround is to append the following lines to /etc/smb.conf:
>
> [global]
> acl check permissions = no
>
> See smb.conf(8) for a detailed explanation of what Samba is trying to
> do. the problem arises because Darwin ACLs are closer to Windows ACLs
> that to POSIX ACLs, so Samba doesn't quite get the access check
> correct on Darwin.
>
> I think that there is a code path to the POSIX ACL check that is not
> guarded by "acl check permissions", so I'm not guaranteeing that this
> workaround is 100%.
>
I can verify that this is now allowing SMB users to write. Thanks, James.
--
Steve Yuroff
Network and System Administrator
Hiebing
email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
This email sent to email@hidden
