RE: [Samba] 3.2.4 ACL inheritance trouble
Jeremy,

I am using samba 3.2.4 on CentOS 5.2, configured as a domain member of windows 2000 active directory and the client is windows XP. My problem is I am not able to remove any inherited ACL's on the folders and files from windows XP client. I unchecked "Inherit from parent the permission entries that apply to child objects. Include these with entries with explicitly defined here" and selected "Copy" option in the next dialog box and then I hit apply, it is successful so far and I get "not inherited" in "inherited from" column. Now when I delete an inherited ACL entry, it comes back again after I hit apply. Linux permissions on the share are 777.

Here is my smb.conf:

workgroup = EXAMPLE
realm = EXAMPLE.COM
server string = %h server (Samba %v)
password server = RIVER
enable privileges = Yes
use spnego = yes
client use spnego = yes
name resolve order = host wins bcast
winbind use default domain = yes
netbios name = samba-test
security = ADS
encrypt passwords = yes
socket options = TCP_NODELAY
map to guest = nobody
idmap uid = 16777217-33554431
idmap gid = 16777217-33554431
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash

# Share Definitions =#
[Test]
comment = Share Data
path = /data/test
read only = No
create mask = 0770
directory mask = 0770
browsable = Yes
public = No
writeable = Yes
force create mode = 0770
force directory mode = 0770
force group = "domain admins"
guest ok = no
inherit permissions = yes
inherit acls = yes
nt acl support = yes
map acl inherit = yes

Thank you and I hope this helps.

--Chandra

-----Original Message-----
From: Jeremy Allison [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 11, 2008 3:30 PM
To: Saddi, Chandra
Cc: Peter Rindfuss; Jeremy Allison; samba
Subject: Re: [Samba] 3.2.4 ACL inheritance trouble

On Wed, Nov 05, 2008 at 05:40:36PM -0500, Saddi, Chandra wrote:
> Hi Jeremy,
>
> I've checked with version 3.2.2, here I found another problem. The check
> box for "Inherit from parent the permission entries that apply to child
> objects. Include these with entries with explicitly defined here" keeps
> appearing (checked) again after I select "Copy" option and then hit the
> apply button. I couldn't test further because of this issue.

Can't reproduce this with current samba-3-2-test git code. Can you give me *exact* steps to reproduce please ?

Jeremy.

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.2.4 ACL inheritance trouble
On Wed, Nov 05, 2008 at 05:40:36PM -0500, Saddi, Chandra wrote:
> Hi Jeremy,
>
> I've checked with version 3.2.2, here I found another problem. The check
> box for "Inherit from parent the permission entries that apply to child
> objects. Include these with entries with explicitly defined here" keeps
> appearing (checked) again after I select "Copy" option and then hit the
> apply button. I couldn't test further because of this issue.

Can't reproduce this with current samba-3-2-test git code. Can you give me *exact* steps to reproduce please ?

Jeremy.
RE: [Samba] 3.2.4 ACL inheritance trouble
Hi Jeremy,

I am just checking in to see if you had a chance to look at this problem. Let us know as soon as you figure out a solution.

Thank you very much,
Chandra

-----Original Message-----
From: Saddi, Chandra
Sent: Thursday, November 06, 2008 5:12 PM
To: 'Jeremy Allison'
Cc: David Eisner; samba
Subject: RE: [Samba] 3.2.4 ACL inheritance trouble

No problem Jeremy, have a safe trip back home. I'll look forward to your solution next week.

Thank you,
Chandra

-----Original Message-----
From: Jeremy Allison [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 06, 2008 5:07 PM
To: Saddi, Chandra
Cc: Jeremy Allison; David Eisner; samba
Subject: Re: [Samba] 3.2.4 ACL inheritance trouble

On Thu, Nov 06, 2008 at 10:37:46AM -0500, Saddi, Chandra wrote:
> Jeremy,
>
> I tried with version 3.0.28a, as per other user's suggestion I've copied
> posix_acls.c from 3.0.25 to 3.0.28a and compiled it, now it is working
> very well. I know it is not a good idea to copy the file from lower
> version but I just want to give you some idea on where the problem might
> be. I hope this helps.

Not really :-). The 3.0.25 version of that code breaks Excel spreadsheets (as you'll find out if you use it) and doesn't work with Vista.

I'll be able to do more once I'm back in the USA and access to my testing environment.

Jeremy.
RE: [Samba] 3.2.4 ACL inheritance trouble
No problem Jeremy, have a safe trip back home. I'll look forward to your solution next week.

Thank you,
Chandra

-----Original Message-----
From: Jeremy Allison [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 06, 2008 5:07 PM
To: Saddi, Chandra
Cc: Jeremy Allison; David Eisner; samba
Subject: Re: [Samba] 3.2.4 ACL inheritance trouble

On Thu, Nov 06, 2008 at 10:37:46AM -0500, Saddi, Chandra wrote:
> Jeremy,
>
> I tried with version 3.0.28a, as per other user's suggestion I've copied
> posix_acls.c from 3.0.25 to 3.0.28a and compiled it, now it is working
> very well. I know it is not a good idea to copy the file from lower
> version but I just want to give you some idea on where the problem might
> be. I hope this helps.

Not really :-). The 3.0.25 version of that code breaks Excel spreadsheets (as you'll find out if you use it) and doesn't work with Vista.

I'll be able to do more once I'm back in the USA and access to my testing environment.

Jeremy.
Re: [Samba] 3.2.4 ACL inheritance trouble
On Thu, Nov 06, 2008 at 10:37:46AM -0500, Saddi, Chandra wrote:
> Jeremy,
>
> I tried with version 3.0.28a, as per other user's suggestion I've copied
> posix_acls.c from 3.0.25 to 3.0.28a and compiled it, now it is working
> very well. I know it is not a good idea to copy the file from lower
> version but I just want to give you some idea on where the problem might
> be. I hope this helps.

Not really :-). The 3.0.25 version of that code breaks Excel spreadsheets (as you'll find out if you use it) and doesn't work with Vista.

I'll be able to do more once I'm back in the USA and access to my testing environment.

Jeremy.
RE: [Samba] 3.2.4 ACL inheritance trouble
Jeremy,

I tried with version 3.0.28a, as per other user's suggestion I've copied posix_acls.c from 3.0.25 to 3.0.28a and compiled it, now it is working very well. I know it is not a good idea to copy the file from lower version but I just want to give you some idea on where the problem might be. I hope this helps.

Thank you,
Chandra

-----Original Message-----
From: Jeremy Allison [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 05, 2008 9:45 PM
To: David Eisner
Cc: Saddi, Chandra; samba; Jeremy Allison
Subject: Re: [Samba] 3.2.4 ACL inheritance trouble

On Wed, Nov 05, 2008 at 05:49:18PM -0500, David Eisner wrote:
> On Wed, Nov 5, 2008 at 5:40 PM, Saddi, Chandra
> <[EMAIL PROTECTED]> wrote:
> > I've checked with version 3.2.2, here I found another problem. The check
> > box for "Inherit from parent the permission entries that apply to child
> > objects. Include these with entries with explicitly defined here" keeps
> > appearing (checked) again after I select "Copy" option and then hit the
> > apply button. I couldn't test further because of this issue.
>
> I think that's this bug:
>
> https://bugzilla.samba.org/show_bug.cgi?id=5052

No, that bug has actually been fixed. The remaining issue referred in that bug is a new issue I'd like to track separately.

Jeremy.
Re: [Samba] 3.2.4 ACL inheritance trouble
On Wed, Nov 05, 2008 at 05:49:18PM -0500, David Eisner wrote:
> On Wed, Nov 5, 2008 at 5:40 PM, Saddi, Chandra
> <[EMAIL PROTECTED]> wrote:
> > I've checked with version 3.2.2, here I found another problem. The check
> > box for "Inherit from parent the permission entries that apply to child
> > objects. Include these with entries with explicitly defined here" keeps
> > appearing (checked) again after I select "Copy" option and then hit the
> > apply button. I couldn't test further because of this issue.
>
> I think that's this bug:
>
> https://bugzilla.samba.org/show_bug.cgi?id=5052

No, that bug has actually been fixed. The remaining issue referred in that bug is a new issue I'd like to track separately.

Jeremy.
Re: [Samba] 3.2.4 ACL inheritance trouble
On Wed, Nov 5, 2008 at 5:40 PM, Saddi, Chandra <[EMAIL PROTECTED]> wrote:
> I've checked with version 3.2.2, here I found another problem. The check
> box for "Inherit from parent the permission entries that apply to child
> objects. Include these with entries with explicitly defined here" keeps
> appearing (checked) again after I select "Copy" option and then hit the
> apply button. I couldn't test further because of this issue.

I think that's this bug:

https://bugzilla.samba.org/show_bug.cgi?id=5052

-David

--
David Eisner
http://cradle.brokenglass.com
RE: [Samba] 3.2.4 ACL inheritance trouble
Hi Jeremy,

I've checked with version 3.2.2, here I found another problem. The check box for "Inherit from parent the permission entries that apply to child objects. Include these with entries with explicitly defined here" keeps appearing (checked) again after I select "Copy" option and then hit the apply button. I couldn't test further because of this issue.

Thank you,
Chandra

-----Original Message-----
From: Peter Rindfuss [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 05, 2008 6:32 AM
To: Jeremy Allison; samba
Subject: Re: [Samba] 3.2.4 ACL inheritance trouble

On 2008-11-04 22:55, Jeremy Allison wrote:
> On Tue, Nov 04, 2008 at 04:23:03PM +0100, Peter Rindfuss wrote:
>
>> Sorry, not possible. 3.2.x was introduced here when upgrading from Suse
>> 10.0 to OpenSuse 11.0. OpenSuse 11 comes with 3.2.0, I think, but when
>> we went to production use, we already had installed 3.2.4. That was 2
>> weeks ago.
>> The "(maybe earlier, but I doubt it)" in my original post makes no sense
>> as we did not test it with any earlier version than 3.2.4.
>>
>> I found some possibly discussion at
>> http://webui.sourcelabs.com/samba/issues/5052
>
> Ok, thanks. Can you log a bug for me at bugzilla.samba.org
> so I can track this when I get back to the USA.
>

See bug 5873:
https://bugzilla.samba.org/show_bug.cgi?id=5873

Best,
Peter
Re: [Samba] 3.2.4 ACL inheritance trouble
On Wed, Nov 05, 2008 at 10:04:07AM -0500, Saddi, Chandra wrote:
> Hi Peter/Jeremy,
>
> I do have the same problem. I am going to try with 3.2.2 and let you
> know how it works.

Great thanks. Once I know when it broke, it'll be easier to fix when I'm back in the US.

Jeremy.
RE: [Samba] 3.2.4 ACL inheritance trouble
Hi Peter/Jeremy,

I do have the same problem. I am going to try with 3.2.2 and let you know how it works.

Thank you,
Chandra

-----Original Message-----
From: Peter Rindfuss [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 05, 2008 6:32 AM
To: Jeremy Allison; samba
Subject: Re: [Samba] 3.2.4 ACL inheritance trouble

On 2008-11-04 22:55, Jeremy Allison wrote:
> On Tue, Nov 04, 2008 at 04:23:03PM +0100, Peter Rindfuss wrote:
>
>> Sorry, not possible. 3.2.x was introduced here when upgrading from Suse
>> 10.0 to OpenSuse 11.0. OpenSuse 11 comes with 3.2.0, I think, but when
>> we went to production use, we already had installed 3.2.4. That was 2
>> weeks ago.
>> The "(maybe earlier, but I doubt it)" in my original post makes no sense
>> as we did not test it with any earlier version than 3.2.4.
>>
>> I found some possibly discussion at
>> http://webui.sourcelabs.com/samba/issues/5052
>
> Ok, thanks. Can you log a bug for me at bugzilla.samba.org
> so I can track this when I get back to the USA.
>

See bug 5873:
https://bugzilla.samba.org/show_bug.cgi?id=5873

Best,
Peter
Re: [Samba] 3.2.4 ACL inheritance trouble
On 2008-11-04 22:55, Jeremy Allison wrote:
> On Tue, Nov 04, 2008 at 04:23:03PM +0100, Peter Rindfuss wrote:
>
>> Sorry, not possible. 3.2.x was introduced here when upgrading from Suse
>> 10.0 to OpenSuse 11.0. OpenSuse 11 comes with 3.2.0, I think, but when
>> we went to production use, we already had installed 3.2.4. That was 2
>> weeks ago.
>> The "(maybe earlier, but I doubt it)" in my original post makes no sense
>> as we did not test it with any earlier version than 3.2.4.
>>
>> I found some possibly discussion at
>> http://webui.sourcelabs.com/samba/issues/5052
>
> Ok, thanks. Can you log a bug for me at bugzilla.samba.org
> so I can track this when I get back to the USA.

See bug 5873:
https://bugzilla.samba.org/show_bug.cgi?id=5873

Best,
Peter
Re: [Samba] 3.2.4 ACL inheritance trouble
On Tue, Nov 04, 2008 at 04:23:03PM +0100, Peter Rindfuss wrote:
> Sorry, not possible. 3.2.x was introduced here when upgrading from Suse
> 10.0 to OpenSuse 11.0. OpenSuse 11 comes with 3.2.0, I think, but when
> we went to production use, we already had installed 3.2.4. That was 2
> weeks ago.
> The "(maybe earlier, but I doubt it)" in my original post makes no sense
> as we did not test it with any earlier version than 3.2.4.
>
> I found some possibly discussion at
> http://webui.sourcelabs.com/samba/issues/5052

Ok, thanks. Can you log a bug for me at bugzilla.samba.org so I can track this when I get back to the USA.

Cheers,

Jeremy.
Re: [Samba] 3.2.4 ACL inheritance trouble
On 2008-11-04 14:59, Jeremy Allison wrote:
> On Tue, Nov 04, 2008 at 02:16:24PM +0100, Peter Rindfuss wrote:
>> Hi,
>>
>> Since 3.2.4 (maybe earlier, but I doubt it), one important feature does not work anymore for me:
>>
>> I cannot break ACL inheritance anymore in the Windows ACL editor. With previous Samba versions, I entered the "Advanced" dialog of the Windows ACL editor and unchecked the flag "Inherit from parent the permission entries that apply to child objects. Include these with entries explicitly defined here". Afterwards, I could remove or change ACLs as needed. If I do this now, ACLs that exist on the next higher directory level re-appear after having deleted them.
>>
>> Are there changed configuration options or am I missing something else here?
>>
>> Breaking inheritance is very important in our system as we often need to restrict access to subdirectories.
>>
>> At the moment, I can only try to modify ACLs on the Linux level in order to get the desired behavior.
>
> Can you help me determine when this behavior changed ? 3.2.3 has a small change here that might affect this, but I'd be very interested to know if this was in 3.2.0, 3.2.1 or 3.2.3 (when it was introduced).
>
> I'm travelling at the moment with no access to Windows VM's to test this with, so if you need me to reproduce it'll have to wait until next monday (US Pacific time).

Sorry, not possible. 3.2.x was introduced here when upgrading from Suse 10.0 to OpenSuse 11.0. OpenSuse 11 comes with 3.2.0, I think, but when we went to production use, we already had installed 3.2.4. That was 2 weeks ago.
The "(maybe earlier, but I doubt it)" in my original post makes no sense as we did not test it with any earlier version than 3.2.4.

I found some possibly discussion at
http://webui.sourcelabs.com/samba/issues/5052

Best,
Peter Rindfuss
Re: [Samba] 3.2.4 ACL inheritance trouble
On Tue, Nov 04, 2008 at 02:16:24PM +0100, Peter Rindfuss wrote:
> Hi,
>
> Since 3.2.4 (maybe earlier, but I doubt it), one important feature does
> not work anymore for me:
>
> I cannot break ACL inheritance anymore in the Windows ACL editor. With
> previous Samba versions, I entered the "Advanced" dialog of the Windows
> ACL editor and unchecked the flag "Inherit from parent the permission
> entries that apply to child objects. Include these with entries
> explicitly defined here". Afterwards, I could remove or change ACLs as
> needed. If I do this now, ACLs that exist on the next higher directory
> level re-appear after having deleted them.
>
> Are there changed configuration options or am I missing something else here?
>
> Breaking inheritance is very important in our system as we often need to
> restrict access to subdirectories.
>
> At the moment, I can only try to modify ACLs on the Linux level in order
> to get the desired behavior.

Can you help me determine when this behavior changed ? 3.2.3 has a small change here that might affect this, but I'd be very interested to know if this was in 3.2.0, 3.2.1 or 3.2.3 (when it was introduced).

I'm travelling at the moment with no access to Windows VM's to test this with, so if you need me to reproduce it'll have to wait until next monday (US Pacific time).

Jeremy.
[Samba] 3.2.4 ACL inheritance trouble
Hi,

Since 3.2.4 (maybe earlier, but I doubt it), one important feature does not work anymore for me:

I cannot break ACL inheritance anymore in the Windows ACL editor. With previous Samba versions, I entered the "Advanced" dialog of the Windows ACL editor and unchecked the flag "Inherit from parent the permission entries that apply to child objects. Include these with entries explicitly defined here". Afterwards, I could remove or change ACLs as needed. If I do this now, ACLs that exist on the next higher directory level re-appear after having deleted them.

Are there changed configuration options or am I missing something else here?

Breaking inheritance is very important in our system as we often need to restrict access to subdirectories.

At the moment, I can only try to modify ACLs on the Linux level in order to get the desired behavior.

Thanks in advance for help

Peter Rindfuss