Full control access rights mapped as execute
in [Samba]
|
Prev: winbind v3.0.26a w. nss info = sfu; wbinfo fine, getent not
Next: Samba PDC, joining XP workstation 'network path was not found'
From: Jeremy Allison on 23 Apr 2008 15:50 On Wed, Apr 23, 2008 at 09:15:13PM +0200, Petr Kopecky wrote: > Hi there, > > I have some problem with Windows access rights mapping on Samba 3.0.28. I am > using XFS filesystem and ACL is working. > > This is a part of my smb.conf: > > domain logons = Yes > preferred master = Yes > map acl inherit = Yes > map archive = Yes > map hidden = Yes > map system = Yes > veto files = /*.eml/*.nws/*.{*}/ > veto oplock files = /*.doc/*.xls/*.mdb/ > create mask = 0755 > directory mask = 0755 > > [profiles] > comment = Profile Share > path = /data/samba/profiles > read only = No > profile acls = Yes > browseable = No > > [share] > comment = Shared Data > path = /data/samba/share > public = No > writable = No > write list = @smbusers > browseable = Yes > > > This configuration works fine for profiles where I need to map hidden and > system flags as windows uses them. But those flags are mapped in execute > flags not acl rights, but it works. > > getfacl /data/samba/profiles/some.user > # file: data/samba/profiles/some.user > # owner: someuser > # group: smbusers > user::rwx > group::--- > other::--- > > The problem is on other share. If anyone changes the premissions on the file > then access rights are mapped to execute flag not ACL and it is very > confusing. > If domain user rights are set to write and modify, it is stored as group > execute, if others are granted for write and modify, then execute flag for > others is set. But these flags are interpreted as system and hidden. > Additionally all created files have owner's executable bit set which means > archive. > > Could you please help me what should I set to have DOS access rights working > together with windows ACL? I cannot find this simple information on net :-( As you're using xfs you should have the ability to store extended attributes (EA's). So you can map DOS flags into EA's using the following smb.conf setting (store in the [global] section). ea support = yes store dos attributes = yes map readonly = no map archive = no map system = no Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba |