Re: [Samba] Samba Breaks with ACLs
We have a number of files that are user/group writable (permissions 0664). When a user that is someone other than the Unix owner of the file writes to it, the permissions switch to 0474 (-r--rwxr--) and an ACL is added with this second user getting read/write permission to it. Here's my observations: we've upgrade from 3.0.22 to 3.0.23c on Solaris 10 and we are seeing the same problem (we did not see this behaviour with 3.0.22). Sim -- S.Barbaresi E-mail: [EMAIL PROTECTED] Adeilad Deiniol, UWB Tel: (44) (0)1248 382403 Ffordd DeiniolMob: (44) (0)7788 977167 Bangor, Gwynedd LL57 2UX URL: www.bangor.ac.uk -- Gall y neges e-bost hon, ac unrhyw atodiadau a anfonwyd gyda hi, gynnwys deunydd cyfrinachol ac wedi eu bwriadu i'w defnyddio'n unig gan y sawl y cawsant eu cyfeirio ato (atynt). Os ydych wedi derbyn y neges e-bost hon trwy gamgymeriad, rhowch wybod i'r anfonwr ar unwaith a dilëwch y neges. Os na fwriadwyd anfon y neges atoch chi, rhaid i chi beidio â defnyddio, cadw neu ddatgelu unrhyw wybodaeth a gynhwysir ynddi. Mae unrhyw farn neu safbwynt yn eiddo i'r sawl a'i hanfonodd yn unig ac nid yw o anghenraid yn cynrychioli barn Prifysgol Cymru, Bangor. Nid yw Prifysgol Cymru, Bangor yn gwarantu bod y neges e-bost hon neu unrhyw atodiadau yn rhydd rhag firysau neu 100% yn ddiogel. Oni bai fod hyn wedi ei ddatgan yn uniongyrchol yn nhestun yr e-bost, nid bwriad y neges e-bost hon yw ffurfio contract rhwymol - mae rhestr o lofnodwyr awdurdodedig ar gael o Swyddfa Cyllid Prifysgol Cymru, Bangor. www.bangor.ac.uk This email and any attachments may contain confidential material and is solely for the use of the intended recipient(s). If you have received this email in error, please notify the sender immediately and delete this email. If you are not the intended recipient(s), you must not use, retain or disclose any information contained in this email. Any views or opinions are solely those of the sender and do not necessarily represent those of the University of Wales, Bangor. The University of Wales, Bangor does not guarantee that this email or any attachments are free from viruses or 100% secure. Unless expressly stated in the body of the text of the email, this email is not intended to form a binding contract - a list of authorised signatories is available from the University of Wales, Bangor Finance Office. www.bangor.ac.uk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Breaks with ACLs
On Mon, 2006-10-30 at 15:59 -0600, John Goerzen wrote: > On Mon, Oct 30, 2006 at 03:48:20PM -0500, simo wrote: > > On Mon, 2006-10-30 at 13:41 -0600, John Goerzen wrote: > > > On Mon, Oct 30, 2006 at 08:16:47PM +0100, Henrik Zagerholm wrote: > > > > You could always edit your fstab file and mount your fs without acl > > > > support. > > > > > > > > But you can also take some time and study the ACL support in Samba. > > > > Correctly implemented its a powerful feature. > > > > > > At the moment, we just want to stop getting the regular Unix permissions > > > screwed up... Yes, I probably should do that at some point, but I don't > > > understand why enabling it will cause users to lose write permissions to > > > files that they own. > > > > Maybe posting the relevant part of your smb.conf > > (masks/modes/inheritance options) may help. > > Sure: > > [data] >comment = General Data >browseable = yes >writeable = yes >create mask = 0664 >directory mask = 0775 >path = /data/general > > We have no ACL options, and no inheritance options, anywhere. If you have ACLs you also have XATTRs, in this case you may want to try do move all dos bits to an EA and see if the readonly mapping is what is causing you trouble. map read only = no map archive = no map system = no map hidden = no store dos attributes = yes Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Breaks with ACLs
On Mon, Oct 30, 2006 at 03:48:20PM -0500, simo wrote: > On Mon, 2006-10-30 at 13:41 -0600, John Goerzen wrote: > > On Mon, Oct 30, 2006 at 08:16:47PM +0100, Henrik Zagerholm wrote: > > > You could always edit your fstab file and mount your fs without acl > > > support. > > > > > > But you can also take some time and study the ACL support in Samba. > > > Correctly implemented its a powerful feature. > > > > At the moment, we just want to stop getting the regular Unix permissions > > screwed up... Yes, I probably should do that at some point, but I don't > > understand why enabling it will cause users to lose write permissions to > > files that they own. > > Maybe posting the relevant part of your smb.conf > (masks/modes/inheritance options) may help. Sure: [data] comment = General Data browseable = yes writeable = yes create mask = 0664 directory mask = 0775 path = /data/general We have no ACL options, and no inheritance options, anywhere. -- John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Breaks with ACLs
On Mon, 2006-10-30 at 13:41 -0600, John Goerzen wrote: > On Mon, Oct 30, 2006 at 08:16:47PM +0100, Henrik Zagerholm wrote: > > You could always edit your fstab file and mount your fs without acl > > support. > > > > But you can also take some time and study the ACL support in Samba. > > Correctly implemented its a powerful feature. > > At the moment, we just want to stop getting the regular Unix permissions > screwed up... Yes, I probably should do that at some point, but I don't > understand why enabling it will cause users to lose write permissions to > files that they own. Maybe posting the relevant part of your smb.conf (masks/modes/inheritance options) may help. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Breaks with ACLs
On Mon, Oct 30, 2006 at 08:16:47PM +0100, Henrik Zagerholm wrote: > You could always edit your fstab file and mount your fs without acl > support. > > But you can also take some time and study the ACL support in Samba. > Correctly implemented its a powerful feature. At the moment, we just want to stop getting the regular Unix permissions screwed up... Yes, I probably should do that at some point, but I don't understand why enabling it will cause users to lose write permissions to files that they own. -- John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Breaks with ACLs
On Mon, Oct 30, 2006 at 08:16:47PM +0100, Henrik Zagerholm wrote: > You could always edit your fstab file and mount your fs without acl > support. Unfortunately, XFS does not have such an option. I verified this with both the mount manpage and the XFS source code. According to mount(8), only ext2/3 have that option. -- John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Breaks with ACLs
2006/10/30, Henrik Zagerholm <[EMAIL PROTECTED]>: But you can also take some time and study the ACL support in Samba. Correctly implemented its a powerful feature. I'm adding my comment here, as I read you talking about ACL support: is there any sort of how-to for that ACL implementation? Regards, Flavio. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Breaks with ACLs
You could always edit your fstab file and mount your fs without acl support. But you can also take some time and study the ACL support in Samba. Correctly implemented its a powerful feature. Cheers, Henrik 30 okt 2006 kl. 16:51 skrev John Goerzen: Hello, We are running Samba 3.0.23c on Debian. Over the weekend, we updated out file server to Debian's kernel 2.6.18. We had previously never run a kernel with ACL support enabled. Since the upgrade, we are seeing very strange permission behavior. It appears to be related to POSIX ACL support in Samba. It seems that what's happening is this. We have a number of files that are user/group writable (permissions 0664). When a user that is someone other than the Unix owner of the file writes to it, the permissions switch to 0474 (-r--rwxr--) and an ACL is added with this second user getting read/write permission to it. Unfortunately, the Unix owner of the file now is locked out of writing to it. We never had any problem with permissions on these files before using the ACL-enabled kernel. Is there a way to completely disable POSIX ACL support at runtime, and have Samba just revert back to its behavior when on a filesystem that does not support POSIX ACLs? Or, better yet, is there a way to fix this behavior? Thanks, -- John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Breaks with ACLs
Hello, We are running Samba 3.0.23c on Debian. Over the weekend, we updated out file server to Debian's kernel 2.6.18. We had previously never run a kernel with ACL support enabled. Since the upgrade, we are seeing very strange permission behavior. It appears to be related to POSIX ACL support in Samba. It seems that what's happening is this. We have a number of files that are user/group writable (permissions 0664). When a user that is someone other than the Unix owner of the file writes to it, the permissions switch to 0474 (-r--rwxr--) and an ACL is added with this second user getting read/write permission to it. Unfortunately, the Unix owner of the file now is locked out of writing to it. We never had any problem with permissions on these files before using the ACL-enabled kernel. Is there a way to completely disable POSIX ACL support at runtime, and have Samba just revert back to its behavior when on a filesystem that does not support POSIX ACLs? Or, better yet, is there a way to fix this behavior? Thanks, -- John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba