Re: [Samba] Samba + ACLs: Can’t add group write permissions
On Tue, 26 Mar 2013 19:38:48 +0100, steve <st...@steve-ss.com> wrote:

>> WTF? Where did the write access for the group go?
>
> Hi Marvin

Hi Steve,

> Just a thought but I found out the hard way that when there are acl's set, e.g. in your file called test2, the -rw-r----- bit of the listing bit bears little resemblance to what the actual permissions are. Have you actually checked to see that the file test2 really isn't group writeable? Maybe worth a quick test.

I just tested it with another user and no, the file is really not group-writable. But I found another really mysterious behaviour... This time I’ve connected as user steffi who is in the share group as well:

    % sudo mount //avalon/share -t cifs -o user=steffi,gid=quintus /mnt

I tried to create a file now as this user:

    (1067) [9:28:47 quintus@hades] /mnt % ls -ahl
    total 4.0K
    drwxrws---+  2 root    quintus    0 Mar 28 09:28 .
    drwxr-xr-x  20 root    root    4.0K Mar 19 17:32 ..
    -rw-rw----+  1 quintus quintus    0 Mar 26 14:54 test
    -rw-r-----+  1 quintus quintus    0 Mar 26 15:04 test2
    (1068) [9:29:29 quintus@hades] /mnt % touch test3
    touch: cannot touch ‘test3’: Permission denied
    (1069) [9:29:34 quintus@hades] /mnt % ls -ahl
    total 4.0K
    drwxrws---+  2 root    quintus    0 Mar 28 09:29 .
    drwxr-xr-x  20 root    root    4.0K Mar 19 17:32 ..
    -rw-rw----+  1 quintus quintus    0 Mar 26 14:54 test
    -rw-r-----+  1 quintus quintus    0 Mar 26 15:04 test2
    -rw-r-----+  1 1002    quintus    0 Mar 28 09:29 test3

That is, I get a permission denied on the touch command, but the file is there nevertheless...? How is this possible at all? Even worse, I cannot write to the file I just created:

    (1070) [9:29:35 quintus@hades] /mnt % echo foo > test3
    zsh: permission denied: test3

And no, the file is really empty (I’ve checked it on the server via SSH). Writing to the files owned by someone else, but still in the share group doesn’t work either:

    (1071) [9:31:19 quintus@hades] /mnt % echo foo > test2
    zsh: permission denied: test2

And again, this file really is empty.

On the server, the permissions are reported like this:

    (433) [9:33:34 quintus@avalon] /srv/cifs/share % ls -ahl
    insgesamt 8,0K
    drwxrws---+ 2 root    share 4,0K 28. Mär 09:29 .
    drwxr-xr-x  7 root    root  4,0K 26. Mär 14:19 ..
    -rw-rw----+ 1 quintus share    0 26. Mär 14:54 test
    -rw-r-----+ 1 quintus share    0 26. Mär 15:04 test2
    -rw-r-----+ 1 steffi  share    0 28. Mär 09:29 test3
    (434) [9:33:41 quintus@avalon] /srv/cifs/share % getfacl test3
    # file: test3
    # owner: steffi
    # group: share
    user::rw-
    group::rwx          #effective:r--
    group:share:rwx     #effective:r--
    mask::r--
    other::---

And I cannot write to the test3 as user quintus on the server, but as user steffi it works (again, through SSH):

    (436) [9:35:32 quintus@avalon] /srv/cifs/share % echo foo > test3
    zsh: permission denied: test3
    (437) [9:36:55 quintus@avalon] /srv/cifs/share % ls -ahl
    insgesamt 8,0K
    drwxrws---+ 2 root    share 4,0K 28. Mär 09:29 .
    drwxr-xr-x  7 root    root  4,0K 26. Mär 14:19 ..
    -rw-rw----+ 1 quintus share    0 26. Mär 14:54 test
    -rw-r-----+ 1 quintus share    0 26. Mär 15:04 test2
    -rw-r-----+ 1 steffi  share    0 28. Mär 09:29 test3
    (438) [9:36:57 quintus@avalon] /srv/cifs/share % sudo su -s /bin/zsh - steffi
    [sudo] password for quintus:
    (1) [9:37:31 steffi@avalon] / % cd /srv/cifs/share
    (2) [9:37:35 steffi@avalon] /srv/cifs/share % echo foo > test3
    (3) [9:37:38 steffi@avalon] /srv/cifs/share % ls -ahl
    insgesamt 12K
    drwxrws---+ 2 root    share 4,0K 28. Mär 09:29 .
    drwxr-xr-x  7 root    root  4,0K 26. Mär 14:19 ..
    -rw-rw----+ 1 quintus share    0 26. Mär 14:54 test
    -rw-r-----+ 1 quintus share    0 26. Mär 15:04 test2
    -rw-r-----+ 1 steffi  share    4 28. Mär 09:37 test3
    (4) [9:37:39 steffi@avalon] /srv/cifs/share % cat test3
    foo

> Cheers,
> Steve

Any idea?

Vale,
Marvin

--
Blog: http://pegasus-alpha.eu/blog
ASCII Ribbon Campaign - Against HTML e-mail - Against proprietary attachments
www.asciiribbon.org

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba + ACLs: Can’t add group write permissions
On 28.03.2013 09:40, Quintus wrote:

> On Tue, 26 Mar 2013 19:38:48 +0100, steve <st...@steve-ss.com> wrote:
>
>>> WTF? Where did the write access for the group go?
>>
>> Hi Marvin
>
> Hi Steve,
>
>> Just a thought but I found out the hard way that when there are acl's set, e.g. in your file called test2, the -rw-r----- bit of the listing bit bears little resemblance to what the actual permissions are. Have you actually checked to see that the file test2 really isn't group writeable? Maybe worth a quick test.
>
> I just tested it with another user and no, the file is really not group-writable. But I found another really mysterious behaviour... This time I’ve connected as user steffi who is in the share group as well:
>
>     % sudo mount //avalon/share -t cifs -o user=steffi,gid=quintus /mnt
>
> I tried to create a file now as this user:
>
>     (1067) [9:28:47 quintus@hades] /mnt % ls -ahl
>     total 4.0K
>     drwxrws---+  2 root    quintus    0 Mar 28 09:28 .
>     drwxr-xr-x  20 root    root    4.0K Mar 19 17:32 ..
>     -rw-rw----+  1 quintus quintus    0 Mar 26 14:54 test
>     -rw-r-----+  1 quintus quintus    0 Mar 26 15:04 test2
>     (1068) [9:29:29 quintus@hades] /mnt % touch test3
>     touch: cannot touch ‘test3’: Permission denied
>     (1069) [9:29:34 quintus@hades] /mnt % ls -ahl
>     total 4.0K
>     drwxrws---+  2 root    quintus    0 Mar 28 09:29 .
>     drwxr-xr-x  20 root    root    4.0K Mar 19 17:32 ..
>     -rw-rw----+  1 quintus quintus    0 Mar 26 14:54 test
>     -rw-r-----+  1 quintus quintus    0 Mar 26 15:04 test2
>     -rw-r-----+  1 1002    quintus    0 Mar 28 09:29 test3
>
> That is, I get a permission denied on the touch command, but the file is there nevertheless...? How is this possible at all? Even worse, I cannot write to the file I just created:
>
>     (1070) [9:29:35 quintus@hades] /mnt % echo foo > test3
>     zsh: permission denied: test3
>
> And no, the file is really empty (I’ve checked it on the server via SSH). Writing to the files owned by someone else, but still in the share group doesn’t work either:
>
>     (1071) [9:31:19 quintus@hades] /mnt % echo foo > test2
>     zsh: permission denied: test2
>
> And again, this file really is empty.
>
> On the server, the permissions are reported like this:
>
>     (433) [9:33:34 quintus@avalon] /srv/cifs/share % ls -ahl
>     insgesamt 8,0K
>     drwxrws---+ 2 root    share 4,0K 28. Mär 09:29 .
>     drwxr-xr-x  7 root    root  4,0K 26. Mär 14:19 ..
>     -rw-rw----+ 1 quintus share    0 26. Mär 14:54 test
>     -rw-r-----+ 1 quintus share    0 26. Mär 15:04 test2
>     -rw-r-----+ 1 steffi  share    0 28. Mär 09:29 test3
>     (434) [9:33:41 quintus@avalon] /srv/cifs/share % getfacl test3
>     # file: test3
>     # owner: steffi
>     # group: share
>     user::rw-
>     group::rwx          #effective:r--
>     group:share:rwx     #effective:r--
>     mask::r--
>     other::---
>
> And I cannot write to the test3 as user quintus on the server, but as user steffi it works (again, through SSH):
>
>     (436) [9:35:32 quintus@avalon] /srv/cifs/share % echo foo > test3
>     zsh: permission denied: test3
>     (437) [9:36:55 quintus@avalon] /srv/cifs/share % ls -ahl
>     insgesamt 8,0K
>     drwxrws---+ 2 root    share 4,0K 28. Mär 09:29 .
>     drwxr-xr-x  7 root    root  4,0K 26. Mär 14:19 ..
>     -rw-rw----+ 1 quintus share    0 26. Mär 14:54 test
>     -rw-r-----+ 1 quintus share    0 26. Mär 15:04 test2
>     -rw-r-----+ 1 steffi  share    0 28. Mär 09:29 test3
>     (438) [9:36:57 quintus@avalon] /srv/cifs/share % sudo su -s /bin/zsh - steffi
>     [sudo] password for quintus:
>     (1) [9:37:31 steffi@avalon] / % cd /srv/cifs/share
>     (2) [9:37:35 steffi@avalon] /srv/cifs/share % echo foo > test3
>     (3) [9:37:38 steffi@avalon] /srv/cifs/share % ls -ahl
>     insgesamt 12K
>     drwxrws---+ 2 root    share 4,0K 28. Mär 09:29 .
>     drwxr-xr-x  7 root    root  4,0K 26. Mär 14:19 ..
>     -rw-rw----+ 1 quintus share    0 26. Mär 14:54 test
>     -rw-r-----+ 1 quintus share    0 26. Mär 15:04 test2
>     -rw-r-----+ 1 steffi  share    4 28. Mär 09:37 test3
>     (4) [9:37:39 steffi@avalon] /srv/cifs/share % cat test3
>     foo
>
>> Cheers,
>> Steve
>
> Any idea?
>
> Vale,
> Marvin

Hi Marvin,

Just an idea: I remember having an issue with testing permissions on cifs mounted filesystems. I was using touch to create files and kept failing. It turned out I had to make sure the file size exceeded 0 for the test to succeed. Mind you this was a couple of years ago and is possibly not relevant any more.

Greetings,
Jochen
Re: [Samba] Samba + ACLs: Can’t add group write permissions
Hi Marvin

I just tested it like this:

- Made a domain group called staff. getent group gives:

    staff:*:21114:lynn2,steve2

- Domain users steve2 and lynn2 are members of staff

- Made a share in smb.conf:

    [shared]
    path = /home/shared
    read only = No

- Set the ACL on /home/shared:

    chown root:staff /home/shared
    chmod g+s /home/shared
    setfacl -R -m g:staff:rw,d:g:staff:rw /home/shared

    drwxrws---+ 2 root staff 4096 Mar 28 09:58 shared

  which gives:

    # file: home/shared
    # owner: root
    # group: staff
    # flags: -s-
    user::rwx
    group::rwx
    group:staff:rw-
    mask::rwx
    other::---
    default:user::rwx
    default:group::rwx
    default:group:staff:rw-
    default:mask::rwx
    default:other::---

- Mounted the share:

    mount -t cifs //hh1/shared /mnt -osec=krb5,multiuser

Here is a session with the 2 users:

    steve@hh1:/mnt$ su steve2
    Password:
    steve2@hh1:/mnt$ touch hola.txt
    steve2@hh1:/mnt$ ls -l
    total 1024
    -rwxrwx---+ 1 steve2 Domain Users 0 Mar 28 10:29 hola.txt
    steve2@hh1:/mnt$ getfacl hola.txt
    # file: hola.txt
    # owner: steve2
    # group: Domain\040Users
    user::rwx
    user:steve2:rwx
    group::rwx
    group:Domain\040Users:rwx
    group:staff:rw-
    mask::rwx
    other::---
    steve2@hh1:/mnt$ su lynn2
    Password:
    lynn2@hh1:/mnt$ echo foo > hola.txt
    lynn2@hh1:/mnt$ cat hola.txt
    foo
    lynn2@hh1:/mnt$ touch hola2.txt
    lynn2@hh1:/mnt$ ls -l
    total 2048
    -rwxrwx---+ 1 lynn2  Domain Users 0 Mar 28 10:30 hola2.txt
    -rwxrwx---+ 1 steve2 Domain Users 4 Mar 28 10:30 hola.txt
    lynn2@hh1:/mnt$

Notes:

- I set the ACL as group rw but it appears as rwx
- the sticky bit g+s is not working for file creation on the cifs mount
- the sticky bit only works on the unmounted share

    lynn2@hh1:/home/shared$ touch hola3.txt
    lynn2@hh1:/home/shared$ ls -l hola3.txt
    -rw-rw----+ 1 lynn2 staff 0 Mar 28 10:36 hola3.txt
    lynn2@hh1:/home/shared$ getfacl hola3.txt
    # file: hola3.txt
    # owner: lynn2
    # group: staff
    user::rw-
    group::rwx          #effective:rw-
    group:staff:rw-
    mask::rw-
    other::---

So, a bit of a mess. OK, so the group rw is working on this install but not for you. How about setting the ACL's as I have them and give it another try? Maybe mounting as multiuser also has something to do with it?

HTH to clear the confusion a bit. It's certainly got me even more ACL'd out than ever before :(

Cheers,
Steve

On Thu 28/03/13 9:40 AM, Quintus wrote:

> On Tue, 26 Mar 2013 19:38:48 +0100, steve wrote:
>
>>> WTF? Where did the write access for the group go?
>>
>> Hi Marvin
>
> Hi Steve,
>
>> Just a thought but I found out the hard way that when there are acl's set, e.g. in your file called test2, the -rw-r----- bit of the listing bit bears little resemblance to what the actual permissions are. Have you actually checked to see that the file test2 really isn't group writeable? Maybe worth a quick test.
>
> I just tested it with another user and no, the file is really not group-writable. But I found another really mysterious behaviour... This time I’ve connected as user steffi who is in the share group as well:
>
>     % sudo mount //avalon/share -t cifs -o user=steffi,gid=quintus /mnt
>
> I tried to create a file now as this user:
>
>     (1067) [9:28:47 quintus@hades] /mnt % ls -ahl
>     total 4.0K
>     drwxrws---+  2 root    quintus    0 Mar 28 09:28 .
>     drwxr-xr-x  20 root    root    4.0K Mar 19 17:32 ..
>     -rw-rw----+  1 quintus quintus    0 Mar 26 14:54 test
>     -rw-r-----+  1 quintus quintus    0 Mar 26 15:04 test2
>     (1068) [9:29:29 quintus@hades] /mnt % touch test3
>     touch: cannot touch ‘test3’: Permission denied
>     (1069) [9:29:34 quintus@hades] /mnt % ls -ahl
>     total 4.0K
>     drwxrws---+  2 root    quintus    0 Mar 28 09:29 .
>     drwxr-xr-x  20 root    root    4.0K Mar 19 17:32 ..
>     -rw-rw----+  1 quintus quintus    0 Mar 26 14:54 test
>     -rw-r-----+  1 quintus quintus    0 Mar 26 15:04 test2
>     -rw-r-----+  1 1002    quintus    0 Mar 28 09:29 test3
>
> That is, I get a permission denied on the touch command, but the file is there nevertheless...? How is this possible at all? Even worse, I cannot write to the file I just created:
>
>     (1070) [9:29:35 quintus@hades] /mnt % echo foo > test3
>     zsh: permission denied: test3
>
> And no, the file is really empty (I’ve checked it on the server via SSH). Writing to the files owned by someone else, but still in the share group doesn’t work either:
>
>     (1071) [9:31:19 quintus@hades] /mnt % echo foo > test2
>     zsh: permission denied: test2
>
> And again, this file really is empty.
>
> On the server, the permissions are reported like this:
>
>     (433) [9:33:34 quintus@avalon] /srv/cifs/share % ls -ahl
>     insgesamt 8,0K
>     drwxrws---+ 2 root    share 4,0K 28. Mär 09:29 .
>     drwxr-xr-x  7 root    root  4,0K 26. Mär 14:19 ..
>     -rw-rw----+ 1 quintus share    0 26. Mär 14:54 test
>     -rw-r-----+ 1 quintus share    0 26. Mär 15:04 test2
>     -rw-r-----+ 1 steffi  share    0 28. Mär 09:29 test3
>     (434) [9:33:41 quintus@avalon] /srv/cifs/share % getfacl test3
>     # file: test3
>     # owner: steffi
>     # group: share
>     user::rw-
>     group::rwx          #effective:r--
>     group:share:rwx     #effective:r--
>     mask::r--
>     other::---
[Samba] Samba + ACLs: Can’t add group write permissions
Hi there,

I’ve been trying to get my head around a problem I have with Samba. I’ve set up Samba 3.6.13 on a Raspberry Pi with Arch Linux ARM on it and let it serve a couple of folders from an attached external ext4 drive mounted to /srv/cifs (of course with the acl option enabled). I’ve been trying to create a share that is read-writable for all members of a particular UNIX user group (named share), but nobody else (with the directory being at /srv/cifs/share), i.e. it has permissions rwxrwx--- owner root, group share. Everything (recursively) inside the /srv/cifs/share directory should always be read-writable for anyone in the share group.

People easily forget about setting rights themselves correctly for each file they create, hence I wanted to modify the default ACLs for the /srv/cifs/share directory to always allow members of group share to be able to read and write all files inside that directory. The permissions I set on the directory are as follows:

    % ls -l
    drwxrws---+ 2 root share 4096 26. Mär 14:24 share
    % getfacl share
    # file: share
    # owner: root
    # group: share
    # flags: -s-
    user::rwx
    group::rwx
    other::---
    default:user::rwx
    default:group::rwx
    default:group:share:rwx
    default:mask::rwx
    default:other::---

I’ve set the setgid bit so that, in addition to the permissions, the group itself is correctly applied to new files as well. The default ACL entries as far as I see grant all members of group share read and write access, but deny it to anybody else.

My username on that system is quintus, and I’m a member of group share. I can easily create a new file in the /srv/cifs/share directory and it gets the permissions I expect from it:

    (410) [14:54:55 quintus@avalon] /srv/cifs/share % touch test
    (411) [14:54:59 quintus@avalon] /srv/cifs/share % ls -ahl
    insgesamt 8,0K
    drwxrws---+ 2 root    share 4,0K 26. Mär 14:54 .
    drwxr-xr-x  7 root    root  4,0K 26. Mär 14:19 ..
    -rw-rw----+ 1 quintus share    0 26. Mär 14:54 test
    (412) [14:55:01 quintus@avalon] /srv/cifs/share % getfacl test
    # file: test
    # owner: quintus
    # group: share
    user::rw-
    group::rwx          #effective:rw-
    group:share:rwx     #effective:rw-
    mask::rw-
    other::---

That is, the file test belongs to quintus and group share, where the share group automatically has write permissions on the file.

Now I try the same via samba. That is, on another system I mount the CIFS share to /mnt like this (avalon is the Raspberry Pi):

    % sudo mount //avalon/share -t cifs -o user=quintus,uid=quintus /mnt

It asks for my password and then correctly mounts the directory to /mnt. As I don’t want my local root user being mapped to the quintus user on the remote machine so that I have to use sudo for everything, I instruct mount to give it to the quintus user (me) instead (yes, my username is quintus on both machines). This works fine. Here’s what I get when inspecting this directory from the local machine (hades):

    (1046) [15:04:03 quintus@hades] /mnt % ls -ahl
    total 4.0K
    drwxrws---+  2 quintus 1002    0 Mar 26 14:54 .
    drwxr-xr-x  20 root    root 4.0K Mar 19 17:32 ..
    -rw-rw----+  1 quintus 1002    0 Mar 26 14:54 test
    (1047) [15:04:04 quintus@hades] /mnt % getfacl test
    # file: test
    # owner: quintus
    # group: 1002
    user::rw-
    group::rwx          #effective:rw-
    group:1002:rwx      #effective:rw-
    mask::rw-
    other::---

Again, as expected. I don’t have that GID on my local machine (hence it shows up as numeric), but as far as I understand Samba automatically maps this correctly when I create new files. Now I create a new file from the local machine:

    (1048) [15:04:10 quintus@hades] /mnt % touch test2
    (1049) [15:04:41 quintus@hades] /mnt % ls -ahl
    total 4.0K
    drwxrws---+  2 quintus 1002    0 Mar 26 15:04 .
    drwxr-xr-x  20 root    root 4.0K Mar 19 17:32 ..
    -rw-rw----+  1 quintus 1002    0 Mar 26 14:54 test
    -rw-r-----+  1 quintus 1002    0 Mar 26 15:04 test2
    (1050) [15:04:45 quintus@hades] /mnt % getfacl test2
    # file: test2
    # owner: quintus
    # group: 1002
    user::rw-
    group::rwx          #effective:r--
    group:1002:rwx      #effective:r--
    mask::r--
    other::---

WTF? Where did the write access for the group go? Why do I have this #effective line and how does it get calculated? And why is the mask parameter different from creating the file locally on the server?

To verify, I _am_ in the share group:

    (419) [15:08:01 quintus@avalon] /srv/cifs/share % grep share /etc/group
    share:x:1002:quintus

The [global] section of my
Re: [Samba] Samba + ACLs: Can’t add group write permissions
On 26/03/13 15:25, Quintus wrote:

>     (1048) [15:04:10 quintus@hades] /mnt % touch test2
>     (1049) [15:04:41 quintus@hades] /mnt % ls -ahl
>     total 4.0K
>     drwxrws---+  2 quintus 1002    0 Mar 26 15:04 .
>     drwxr-xr-x  20 root    root 4.0K Mar 19 17:32 ..
>     -rw-rw----+  1 quintus 1002    0 Mar 26 14:54 test
>     -rw-r-----+  1 quintus 1002    0 Mar 26 15:04 test2
>     (1050) [15:04:45 quintus@hades] /mnt % getfacl test2
>     # file: test2
>     # owner: quintus
>     # group: 1002
>     user::rw-
>     group::rwx          #effective:r--
>     group:1002:rwx      #effective:r--
>     mask::r--
>     other::---
>
> WTF? Where did the write access for the group go?

Hi Marvin

Just a thought but I found out the hard way that when there are acl's set, e.g. in your file called test2, the -rw-r----- bit of the listing bit bears little resemblance to what the actual permissions are. Have you actually checked to see that the file test2 really isn't group writeable? Maybe worth a quick test.

Cheers,
Steve
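
Added example (not part of the thread, and not Samba's or any poster's code): the `#effective` column asked about in the first post is each named or owning-group entry ANDed with `mask`, and a file created under a default ACL gets its `mask` limited by the group bits of the mode requested at creation. The sketch replays this with the directory ACL from the first post; the creation mode 0644 is an assumption, chosen because it reproduces the `mask::r--` seen on test2, since the thread does not show which mode smbd requested.

```python
"""Added example: POSIX ACL inheritance and the '#effective' column."""

# Constructed input: the directory ACL quoted in the first post of the thread.
DIR_ACL = """\
# file: share
# owner: root
# group: share
# flags: -s-
user::rwx
group::rwx
other::---
default:user::rwx
default:group::rwx
default:group:share:rwx
default:mask::rwx
default:other::---
"""

def parse_acl(text):
    """Return (access, default) dicts keyed by (tag, qualifier)."""
    access, default = {}, {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and #effective
        if not line:
            continue
        parts = line.split(":")
        target = default if parts[0] == "default" else access
        tag, qualifier, perms = parts[-3:]
        target[(tag, qualifier)] = perms
    return access, default

def _and(a, b):
    """AND of two 'rwx'-style strings."""
    return "".join(x if y != "-" else "-" for x, y in zip(a, b))

def _bits(mode, shift):
    """Render three mode bits (shift 6=owner, 3=group, 0=other) as text."""
    return "".join(c if (mode >> shift) & (4 >> i) else "-"
                   for i, c in enumerate("rwx"))

def inherit_on_create(default, mode):
    """Access ACL of a new file: the parent's default ACL, with the owner,
    mask and other entries limited by the requested creation mode."""
    acl = dict(default)
    acl[("user", "")] = _and(acl[("user", "")], _bits(mode, 6))
    group_class = ("mask", "") if ("mask", "") in acl else ("group", "")
    acl[group_class] = _and(acl[group_class], _bits(mode, 3))
    acl[("other", "")] = _and(acl[("other", "")], _bits(mode, 0))
    return acl

def effective(acl):
    """Rights each entry really grants. Named users, named groups and the
    owning group are capped by mask; the owner and other entries are not."""
    mask = acl.get(("mask", ""))
    result = {}
    for (tag, qualifier), perms in acl.items():
        if tag == "mask":
            continue
        capped = mask and (tag == "group" or (tag == "user" and qualifier))
        result[(tag, qualifier)] = _and(perms, mask) if capped else perms
    return result

def ls_mode(acl):
    """Permission string as ls -l shows it: the middle triplet is the mask
    when one exists, not the owning group's own entry."""
    middle = acl.get(("mask", ""), acl[("group", "")])
    return acl[("user", "")] + middle + acl[("other", "")]

if __name__ == "__main__":
    _, default = parse_acl(DIR_ACL)
    # 0o666 is what touch requests locally; 0o644 is an assumed mode for the
    # file created over CIFS (the thread does not show the real one).
    for label, mode in (("local touch", 0o666), ("assumed CIFS", 0o644)):
        acl = inherit_on_create(default, mode)
        print(label, ls_mode(acl) + "+", effective(acl))
```

Which share settings shaped the mode on the poster's server cannot be read off this page, because the smb.conf excerpt is cut off; `create mask` is the documented smb.conf parameter that limits the mode of files created through a share.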