Hello, I'm using Windows Server 2008 R2 and Debian Linux with Samba 3.6.7 and I have a problem with ACL permissions. When I set max protocol = SMB2 in smb.conf, I am able to traverse through the folder "test" as "user1" even if I set only read permission for "Others". If I set max protocol = NT1, I cannot traverse through the same folder as "user1" with the same permissions - read only for "Others".
Why are there differences in ACL behavior when I use the NT1 or SMB2 protocol? My Samba share is located on an XFS filesystem with mount options (rw,noatime,nodiratime,attr2,usrquota,grpquota). In that share I have a folder with the following permissions:

# file: test
# owner: root
# group: root
user::rwx
group::rwx
mask::rwx
other::r--

My smb.conf:

[global]
    dos charset = CP852
    display charset = UTF8
    netbios name = host1
    server string = description1
    bind interfaces only = Yes
    map to guest = Bad Password
    obey pam restrictions = Yes
    passdb backend = ldapsam:ldap://127.0.0.1:389
    guest account = guest
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
    lanman auth = Yes
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 6000
    max protocol = SMB2
    enable asu support = Yes
    keepalive = 10
    socket options = TCP_NODELAY IPTOS_LOWDELAY
    printcap cache time = 0
    max stat cache size = 1024
    domain logons = Yes
    os level = 0
    local master = No
    domain master = No
    dns proxy = No
    ldap admin dn = "cn=admin,dc=server,dc=local"
    ldap suffix = "dc=server,dc=local"
    ldap ssl = no
    lock directory = /usr/local/samba/var/locks
    pid directory = /tmp
    usershare path = /usr/local/samba/var/locks/usershares
    template homedir = /home/winnt/%D/%U
    template shell = /bin/bash
    winbind separator = +
    winbind enum users = Yes
    winbind enum groups = Yes
    idmap config * : backend = tdb
    invalid users = root, whell
    create mask = 0777
    directory mask = 0777
    force unknown acl user = Yes
    inherit permissions = Yes
    inherit acls = Yes
    map acl inherit = Yes
    smb encrypt = No
    veto files = /:2eFBCLockFolder/.FBCLockFolder/:2eFBCIndex/.FBCIndex/:2eDS_Store/.DS_Store/TheVolumeSettingsFolder/TheFindByContentFolder/Temporary Items/Network Trash Folder/.AppleDB/:2eVolumeIcon.icns/.VolumeIcon.icns/Icon\077/.AppleDouble/.AppleDesktop/desktop.ini/RECYCLER/
    map archive = No
    store dos attributes = Yes
    dos filemode = Yes

[share1]
    path = /mnt/share1
    valid users = user1
    read only = No
    case sensitive = No

Best Regards
Adrian Berlin