Hi Charles! Thanks for your ideas! I read this post http://lists.samba.org/archive/samba/2007-July/133723.html and found some similarities with the behavior of my configuration. For example, sometimes a user can delete files or directories with "r-x" permissions. Then, I upgrade to samba 3.0.26a. I don't know if this is a good idea, but at least users can't delete files/directories now (I think). However, the problem still existing with the "hide unreadable = Yes" option. I understand now the behavior. For example, I have two directories in a share directory "groups" with the following ACL entries: # file: groups# owner: root# group: rootuser::rwxgroup::r-x group:admins:rwx group:users:r-x mask::rwxother::--- # file: dir1# owner: root# group: rootuser::rwxgroup::r-xgroup:admins:rwxmask::rwxother::--- # file: dir2# owner: root# group: rootuser::rwxgroup::---other::---And I have a user "joe" that belongs to the group "users". Then, if "joe" map the share directory, he can see only dir1 and dir2 is not visible for his. Also, "joe" should not see dir1. Now, if I change the ACL permissions of dir2 to the following: # file: dir2# owner: root# group: rootuser::rwxgroup::r-xgroup:admins:rwxmask::rwxother::--- "joe" can see (incorrectly) both directories. Believe me, I don't understand. I don't know if this "errors" are for a bad configuration or what... I'm using: debian etch 4.0r1 amd64, kernel 2.6.18-5-amd64, samba 3.0.26a, XFS file system with acl support and quotas and LDAP for user authentication. This is my smb.conf: [global] workgroup = NT-DEQ server string = %h server obey pam restrictions = Yes passdb backend = ldapsam:ldap://127.0.0.1 passwd program = /usr/sbin/smbldap-passwd '%u' syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 printcap name = cups add user script = /usr/sbin/smbldap-useradd -a -m -k '%u' delete user script = /usr/sbin/smbldap-userdel -r '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m -k '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' dns proxy = No ldap admin dn = cn=admin,dc=upc,dc=es ldap group suffix = ou=groups ldap suffix = dc=upc,dc=es ldap ssl = no ldap user suffix = ou=users panic action = /usr/share/samba/panic-action %d invalid users = root profile acls = Yes map acl inherit = Yes hide unreadable = Yes map hidden = Yes
[homes] comment = Home Directories valid users = %S read only = No create mask = 0700 directory mask = 0700 browseable = No [groups] comment = Grups Files path = /home/groups read only = No Thank you very much!!! Diego _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba