Web lists-archives.com

[Samba] ACL SHARE




Hello
I have a Debian 8 with samba (Version 4.2.10-Debian) that serves as Fileserver.

My smb.conf

[global]
        workgroup = XXXXX
        realm = GRUPO.XXXXX.COM.BR

        security = ADS
        idmap config * : backend = rid
        idmap config * : range = 100000-999999

        client schannel = no
        allow trusted domains = yes
        winbind use default domain = yes
        winbind refresh tickets = Yes
        winbind offline logon = no
        winbind cache time = 360

        winbind enum users  = yes
        winbind enum groups = yes

        template shell = /bin/bash
        template homedir = /home/%U


        map to guest = bad user
        guest account = guest
        guest ok = yes

        vfs objects = acl_xattr
        map acl inherit = Yes
        store dos attributes = Yes

I have sharing:

[QUALIDADELEITE]
        path = /home/QUALIDADELEITE
        browseable = yes
        writeable = yes
        printable = no
        create mask = 0770
        force directory mode = 0770
        force create mode = 0770
        force group = +qualidadeleite
        valid users = @qualidadeleite


getfacl /home/QUALIDADELEITE
# file: home/QUALIDADELEITE
# owner: root
# group: qualidadeleite
user::rwx
group::rwx
other::---
default:user::rwx
default:group::r-x
default:group:qualidadeleite:rwx
default:mask::rwx
default:other::r-x

My doubts inside have an ok.txt file

Getfacl ok.txt
# File: ok.txt
# Owner: root
# Group: root
User :: rwx
Group :: r-x #effective: ---
Group: qualidadeleite: rwx #effective: ---
Mask :: ---
Other :: ---

The problem in this way a user of the qualidadeleite group can not do anything in the file, even though they have permissions via ACL, this only happens on shares.
Direct on the file System the ACL permission is functional.

Access to this directory occurs both direct (ssh) and via shares.

Do you know what it can be?


Regards

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba