LinuxQuestions.org


drenze 10-18-2007 12:06 PM

Using Samba with ACLs
 
I have an Ubuntu 7.04/Feisty Fawn box set up as a server running (among other things) Samba. I use user security and I have ACLs up and running correctly on the box.

The issue is that my Samba server only respects the group permissions for the primary group membership on the share.

For example, if I have a share Public, which points to /share/public, and there are two groups defined as:

Public-RW: bob (with rwx)

and

Public-RO: shelly (with r-x)

...bob will have correct access to the share, but shelly does not.

I'm certain it's something in my smb.conf file, but I'm not able to figure out what. My smb.conf reads like:

Code:

[global]
        panic action = /usr/share/samba/panic-action %d
        workgroup = eagle
        netbios name = eagle
        invalid users = root
        security = user
        #username map = /etc/samba/smbusers
        guest account = nobody
        wins support = no
        log file = /var/log/samba.log
        log level = 3
        max log size = 1000
        syslog = 1
        encrypt passwords = true
        passdb backend = smbpasswd
        socket options = TCP_NODELAY
        dns proxy = no
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
        obey pam restrictions = yes
        pam password change = no
        null passwords = no

        # ACL Setup
        inherit permissions = yes
        inherit acls = yes
        map acl inherit = yes

#Share Definitions
#

[Private]
        comment = Private Shares
        browseable = yes
        security mask = 0770
        writable = yes
        path = /home
        create mask = 0770

[Public]
        comment = Public Shares
        browseable = yes
        security mask = 0700
        writable = yes
        path = /share
        create mask = 0764

InDubio 10-19-2007 07:32 AM

You're sure the ACL setup belongs in the GLOBAL section of the conf?

I have a Samba 3.0.24 running in an NT 4 domain as a member server with Windows ACLs working as expected on the XP-Clients. But I have put them in the corresponding [share] section of the smbd.conf:

Code:

[global]
        workgroup = Foo
        netbios name = merlin
        security = DOMAIN
        passdb backend = tdbsam
        log level = 1
        syslog = 0
        log file = /var/log/samba/log.%m
        ldap ssl = no
        idmap uid = 10000-90000
        idmap gid = 10000-90000
        template homedir = /home/%U
        winbind use default domain = Yes
        smb ports = 139


[storage]
        comment = Stuff
        path = /storage
        read only = No
        create mask = 0777
        directory mask = 0777
        inherit permissions = Yes
        inherit acls = Yes
        map acl inherit = Yes
        map archive = No
        map readonly = no
        store dos attributes = Yes

That should work in security mode user too.

(Oh, and I use winbind to map the NT users to valid Linux user IDs, but that should be of no concern.)
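
Added example (not part of either post, and not Samba's own code): smb.conf treats share-level parameters set in [global] as defaults for every share, and a share's own value overrides them. The Python sketch below resolves the three ACL parameters per share on a constructed sample; `effective_acl_settings`, `SAMPLE_CONF` and the `[Scratch]` share are hypothetical names.

```python
import configparser

# Share-level parameters from the thread; Samba's built-in default for each is "no".
ACL_PARAMS = ("inherit permissions", "inherit acls", "map acl inherit")
TRUE_WORDS = ("yes", "true", "on", "1")

# Constructed sample: [global], [Private] and [Public] are cut down from the
# first post's smb.conf; [Scratch] is hypothetical and shows a per-share override.
SAMPLE_CONF = """\
[global]
# ACL Setup
inherit permissions = yes
inherit acls = yes
map acl inherit = yes

[Private]
path = /home

[Public]
path = /share

[Scratch]
path = /tmp/scratch
Inherit ACLs = No
"""

def _key(name):
    # Samba ignores case and whitespace in parameter names.
    return "".join(name.lower().split())

def effective_acl_settings(conf_text):
    """Return {share: {param: bool}}: share value, else [global], else 'no'."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",),
                                      comment_prefixes=("#", ";"))
    cp.optionxform = _key
    cp.read_string(conf_text)
    glob = next((s for s in cp.sections() if s.lower() == "global"), None)
    defaults = dict(cp.items(glob)) if glob else {}
    result = {}
    for share in cp.sections():
        if share == glob:
            continue
        own = dict(cp.items(share))
        result[share] = {p: own.get(_key(p), defaults.get(_key(p), "no")).strip().lower()
                         in TRUE_WORDS for p in ACL_PARAMS}
    return result

if __name__ == "__main__":
    print(effective_acl_settings(SAMPLE_CONF))
```

On a live server, `testparm -s` prints the configuration as Samba itself parses it.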

