I have been
trying to get ACL's to work with Samba 2.2.5 but have run into a
problem.
I am using
RedHat 7.3 with the POSIX ACL patches from http://acl.bestbits.at/. Following
installation of the patches I am able to view and modify ACL's from the bash
command line using the getfacl and setfacl commands. Authenticiation is
configured with winbind and domain security. It seems to be working
fine.
The Samba code
is was downloaded as an RPM from samba.org. I did not rebuild the code as
it seemed to already have acl support in it as evidenced by the many ACL
releated messages in the log files.
When I try to
add/change an ACL from theclient Iam getting the following message
in the client log file:
[2002/09/18 14:13:59, 3]
smbd/posix_acls.c:convert_canon_ace_to_posix_perms(1809)
convert_canon_ace_to_posix_perms: Too many ACE entries for file AUTOEXEC.BAT to
convert to posix perms.
When I view
the log files it appears that the client is passing an ACE file list that
containsfour ACE entries, while the source code seems to limit the number
to three (USER, GROUP, OTHER). This doesn't make sense. It seems
that there sould be the three default entries plus as many more entries as the
user wants to set.
Has anyone
solved this problem? Any help is appreciated.
My smb.conf
and an excerpt from my log file are listed below.
Thanks,
Bill
smb.conf
# Samba
config file created using SWAT# from atlwebcache1.core.hp.com
(15.10.155.2)# Date: 2002/09/18 10:11:50
# Global
parameters[global] workgroup =
SAMBA server string = Samba
Server security =
DOMAIN encrypt passwords =
Yes password server =
* log file =
/var/log/samba/log.%m max log size
= 50 socket options = TCP_NODELAY
SO_RCVBUF=8192 SO_SNDBUF=8192 dns
proxy = No winbind uid =
1000-2000 winbind gid =
1000-2000
[homes]
comment = Home Directories read
only = No browseable =
No
[printers]
comment = All Printers path =
/var/spool/samba printable =
Yes browseable =
No
[tmp]
path = /tmp read only =
No guest ok =
Yes
client.log
[2002/09/18 16:04:17, 10]
smbd/posix_acls.c:print_canon_ace_list(146) print_canon_ace_list: file
ace - before valid canon_ace index 0. Type = allow SID =
S-1-5-21-1838633764-1922773823-188441444-1013 winbind_lookup_sid: SUCCESS:
SID S-1-5-21-1838633764-1922773823-188441444-1013 - SAMBA
TestUsr uid 1006 (SAMBA\TestUsr) SMB_ACL_USER perms r-x
canon_ace index 1. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms
r-- canon_ace index 2. Type = allow SID =
S-1-5-21-1838633764-1922773823-188441444-513 winbind_lookup_sid: SUCCESS:
SID S-1-5-21-1838633764-1922773823-188441444-513 - SAMBA Domain
Users gid 1000 (SAMBA\Domain Users) SMB_ACL_GROUP_OBJ perms
r-- canon_ace index 3. Type = allow SID =
S-1-5-21-1838633764-1922773823-188441444-1004 winbind_lookup_sid: SUCCESS:
SID S-1-5-21-1838633764-1922773823-188441444-1004 - SAMBA
smbuser uid 1005 (SAMBA\smbuser) SMB_ACL_USER_OBJ perms
r-x[2002/09/18 16:04:17, 10]
smbd/posix_acls.c:print_canon_ace_list(146) print_canon_ace_list: dir
ace - before valid[2002/09/18 16:04:17, 3]
smbd/dosmode.c:unix_mode(111) unix_mode(TestFile) returning
0744[2002/09/18 16:04:17, 10]
smbd/posix_acls.c:print_canon_ace_list(146) print_canon_ace_list: file
ace - return canon_ace index 0. Type = allow SID =
S-1-5-21-1838633764-1922773823-188441444-1013 winbind_lookup_sid: SUCCESS:
SID S-1-5-21-1838633764-1922773823-188441444-1013 - SAMBA
TestUsr uid 1006 (SAMBA\TestUsr) SMB_ACL_USER perms r-x
canon_ace index 1. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER perms
r-- canon_ace index 2. Type = allow SID =
S-1-5-21-1838633764-1922773823-188441444-513 winbind_lookup_sid: SUCCESS:
SID S-1-5-21-1838633764-1922773823-188441444-513 - SAMBA Domain
Users gid 1000 (SAMBA\Domain Users) SMB_ACL_GROUP_OBJ perms
r-- canon_ace index 3. Type = allow SID =
S-1-5-21-1838633764-1922773823-188441444-1004 winbind_lookup_sid: SUCCESS:
SID S-1-5-21-1838633764-1922773823-188441444-1004 - SAMBA
smbuser uid 1005 (SAMBA\smbuser) SMB_ACL_USER_OBJ perms
r-x[2002/09/18 16:04:17, 10]
smbd/posix_acls.c:print_canon_ace_list(146) print_canon_ace_list: dir
ace - return canon_ace index 0. Type = allow SID = S-1-1-0 other
SMB_ACL_OTHER perms r-- canon_ace index 1. Type = allow SID =
S-1-5-21-1838633764-1922773823-188441444-513 winbind_lookup_sid: SUCCESS:
SID S-1-5-21-1838633764-1922773823-188441444-513 - SAMBA Domain
Users gid 1000 (SAMBA\Domain Users) SMB_ACL_GROUP_OBJ perms
r-- canon_ace index 2. Type = allow SID =
S-1-5-21-1838633764-1922773823-188441444-1004 winbind_lookup_sid: SUCCESS:
SID S-1-5-21-1838633764-1922773823-188441444-1004 - SAMBA
smbuser uid 1005 (SAMBA\smbuser) SMB_ACL_USER_OBJ perms
rwx[2002/09/18 16:04:17, 3]
smbd/posix_acls.c:convert_canon_ace_to_posix_perms(1809)
convert_canon_ace_to_posix_perms: Too many ACE entries for file TestFile to
convert to posix perms.[2002/09/18 16:04:17, 3]