OpenSUSE 10.2 & Samba Server - ACL inheritance not working?
12/09/2017 15:30
Probably something stupid on my part again, but here goes anyway: I've installed OpenSUSE 10.2 and updated it, and installed the latest Samba server on it. When I make a share I get the option to inherit ACLs. I studied up on ACLs, since I only knew about the standard file mode permissions. And it's quite interesting and useful to be able to add seperate users and groups to your file permissions.

So I added an extra named user and named group to the ACL of my share dir, and then tried to make some files and subdirectories from a Windows client.

But these then have standard file mode permissions, no ACLs.

So am I interpreting the inherit ACLs feature wrongly, or is something improperly configured? I used ext3 as a filesystem on my Linux machine, the Windows client is using NTFS (which should support ACLs, in case this is necessary, but I figured since Samba 'inherits' the ACLs to created files or folder, the OS of the client wouldn't matter until you tried to change these permissions?) Any tips one where I went wrong would be great! Thanks!Neko

Source is Usenet: alt.os.linux.suse
Sign in to add a comment

Answer score: 5
12/09/2017 15:30 - Followup. Still having issues with ACLs but for now I'm working with the basic file permissions. And I'm facing the same problem, so I'm guessing I'm completely misinterpreting the inheritance thing.

Now that I'm working with SWAT, more parameters have become know and available to me, among which inherit permissions.

So I tried setting these to 'on' and setting the permissions on the share folder. But still any file created in this folder by the user, either directly on the server or via a windows client, would not inherit these permissions from the folder settings.

In SWAT I also noticed you can set masks of permissions for just about everything, and the created permissions follow these masks. So whether inherit permissions is on or off does not matter.

So my question is, what exactly is this inherit permissions suipposed to do? Enlighten me please, I'm getting really frustrated by this issue :-) Neko

Source is Usenet: alt.os.linux.suse
Sign in to add a comment

Answer score: 5
12/09/2017 15:30 - Bob Bob <> wrote I've subscribed to the Samba ML and posed the same questions there. No reply whatsoever, except the request to post the smbconf file. Which I did, after that, not a whisper.

The ACLs are add-on, or so the ACL documentation on the suse website explains it. However, there's 2 inherit settings, one for ACLs and one for the ordinary permissions. The latter you can set via SWAT, and they, like the inherit ACLs don't seem to do anything at all.

The objective is study. I'm not trying to achieve anything specific. So I'm trying to figure out what this inherit ACL/permissions is supposed to do.

Bingo. That's what I supposed they're sopposed to do. But it's not working. Not at all. The masks are working, but the inheritance isn't, not when I create a file/folder on a Linux machine, not when I create it on a Windows machine. ACLs are working, I can set named users and groups on the Windows machine, users/groups are properly found on the Samba server. Just this inheritance stuff is completely ignored.

Bob, thanks for taking the time to respond. At least now I feel confident I'm interpreting it right. Maybe someone will step forward and give hints about what may be wrong with my setup.


Source is Usenet: alt.os.linux.suse
Sign in to add a comment

Answer score: 5
12/09/2017 15:30 - Hi Neko Likewise nobody answered. Be aware that there is a samba NG somewhere...

I haven't worked much on this so take my comments with a grain of salt..

I have always though that ACLs' are a kind of add-on to the normalUnix permissions system. The samba inherit permissions commandprobably only works on the normal ones.

There are one or two gotchas in using the unix permission system in aW32 environment if you want complex file protection. A file (in unix)has one owner and one group. You can only allow multiple user access byassigning them to groups and setting the protection mask accordingly.

From the W32 user standpoint it also looks a little strange that thefile/folder security settings screen only ever has three entries. ACL'sare suppose to fix that.

Whether you go the way of ACL's or not depends on what you are trying toachieve. I normally don't, instead by grouping people's job function andusing that. On the odd occasion I also allow access based on theothers or everyone mask.

But to your actual question. The normal unix action is to create a filebased on if you like a standard pattern modified by umask. If youinherit permissions, the ownership/group etc is based on the parentfolder. More importantly new subfolders also inherit. Non inheritedaction is something like Creator Owner permissions in W32.

Please be careful accepting the above as the whole truth. It's been awhile since I set my last system up and it happens rarely enough that Ihave to consult manpages etc each time.

Cheers Bob

Source is Usenet: alt.os.linux.suse
Sign in to add a comment

Helpforce eDiscover provides technical articles updated each dayHelpforce eDiscover RSS feed contains the latest technical articles in RSS
Click the logo to go back to the main page
Search eDiscover

Click an icon to go to that category

Helpforce eDiscover contains articles about Microsoft Windows Helpforce eDiscover contains articles about Apple products and MacOS Helpforce eDiscover contains articles about Linux and POSIX operating systems Helpforce eDiscover contains articles about Helpforce Helpforce has a large variety of technical information and articles for you to read Helpforce eDiscover contains articles about databases, MYSQL, SQL Server Oracle Helpforce eDiscover contains articles about Java, JVM and the JRE Helpforce eDiscover contains articles about the QNX operating system Helpforce eDiscover contains articles about Oracle Solaris and Open Solaris Helpforce eDiscover contains articles about RISC OS, Acorn and the BBC Micro Helpforce eDiscover contains articles about Amiga and AmigaOS

Type your comment into the box below