Hello all,
I've just noticed a huge issue on my company's Samba server: ACLs which were working fine don't work anymore and I can't figure out why.
Read access always works for 'other', even though the 'other' permissions are 000.
here is my smb.conf
Code:
[global]
# Server-wide settings: NetBIOS identity, NT4-style domain controller role,
# LDAP-backed account database, and account-management hooks.
netbios name= myserver
workgroup = mydomain
server string = myserver
#--------------------config PDC-----------------------#
# domain master + domain logons make this host the domain logon server
# for the workgroup; os level weights it in browser elections.
domain master = Yes
local master = Yes
domain logons = Yes
os level = 40
# Keep the LDAP password in step with the Samba hashes on password change.
ldap passwd sync = Yes
# Clients must authenticate as a user before any share is reachable.
security = user
encrypt passwords = true
# Accounts live in LDAP, reached over the loopback interface without TLS.
# NOTE(review): if the directory ever moves off this host, switch to
# ldaps:// or StartTLS (see "ldap ssl") so credentials do not cross the
# network in clear text.
passdb backend = ldapsam:ldap://127.0.0.1/
# Samba binds to LDAP as this DN. Its password is not kept in this file;
# it is stored in secrets.tdb (set with "smbpasswd -w"), so that file
# needs root-only permissions.
ldap admin dn = cn=admin,dc=mycompany,dc=com
ldap suffix = dc=mycompany,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Machines
# Removing an account deletes the whole LDAP entry, not only the Samba
# attributes.
ldap delete dn = Yes
# Account-management hooks. smbd runs these as root, with %u / %g
# substituted before the command line is executed; keep the substitutions
# quoted as they are here.
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
# Group deletion hook is disabled (left commented out by the author).
#delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
# Roaming profile and home locations: %L is the server name the client
# connected to, %U the session user name.
logon path = \\%L\profile\%U
logon drive = U:
logon home = \\%L\%U
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# File-name case handling.
case sensitive = No
default case = lower
preserve case = yes
short preserve case = Yes
[partage]
# Shared company tree. Access is meant to be restricted per directory by
# the POSIX ACLs on /home/partage.
writeable = yes
# NOTE(review): "admin users" makes every listed user or group member
# perform ALL file operations on this share as root, so file modes and
# POSIX ACLs (including other::---) are not enforced for them. If the
# affected users belong to admingroup or staffgroup, this line is the
# likely reason the ACLs appear to be ignored, and it would be consistent
# with the smbd processes showing as root. Restrict it to the few accounts
# that genuinely need root on the share, or drop it and rely on the ACLs.
admin users = @admingroup,@staffgroup
path = /home/partage
comment = partage
# Only members of these groups may connect to the share at all.
# NOTE(review): commercialgroup owns directories in the listing for this
# path but is not named here - confirm whether that is intended.
valid users = @bossgroup,@admingroup,@gamegroup,@devgroup,@graphismegroup,@staffgroup,@comgroup,@seriousgroup,@leelhgroup
# NOTE(review): "profile acls" is intended for roaming-profile shares
# only. It rewrites the owner and ACL that Samba reports to Windows
# clients, so what Windows displays no longer matches the on-disk ACLs.
# Consider removing it from a general data share.
profile acls = yes
# New files and directories take their mode bits and default ACLs from
# the parent directory.
inherit permissions = yes
inherit acls = yes
map acl inherit = yes
When I run ls -al in /home/partage, here is what I get:
Code:
drwxrwx---+ 16 root admingroup 4096 jan 28 15:09 .
drwxr-xr-x 20 root root 4096 jan 26 14:39 ..
drwxrwx---+ 19 sha staffgroup 4096 jan 26 09:26 3dduo_staff
---------- 1 root root 0 déc 16 10:12 autorun.inf
drwxrwx---+ 13 sha admingroup 4096 aoû 11 00:36 demos
-rwxrwxr-x+ 1 root staffgroup 15364 jan 20 18:28 .DS_Store
drwxrwx---+ 9 sha commercialgroup 4096 oct 21 19:19 pole_commercial
drwxrwx---+ 31 sha comgroup 4096 jan 28 10:26 pole_communication
drwxrwx---+ 4 sha admingroup 4096 aoû 10 22:11 pole_community_management
drwxrwx---+ 17 sha devgroup 4096 jan 7 17:01 pole_dev
drwxrwx---+ 11 sha gamegroup 4096 déc 15 19:01 pole_game_design
drwxrwx---+ 17 sha commercialgroup 4096 jan 25 09:53 pole_gestion_projet
drwxrwx---+ 13 sha graphismegroup 4096 jan 4 11:06 pole_graphisme
drwxrwx---+ 8 root admingroup 4096 jan 6 17:15 pole_reseaux
drwxrwxrwx+ 6 root staffgroup 4096 jan 3 16:54 pole_RH
drwxrwx---+ 29 sha staffgroup 4096 jan 25 18:38 projets
drwxrwx---+ 57 sha admingroup 4096 déc 13 10:24 projets_finis
drwxrwxr-x+ 2 root graphismegroup 4096 jan 4 15:48 Recycled
And here is the getfacl output for a random folder which should be readable only by its group:
Code:
# file: pole_reseaux/
# owner: root
# group: admingroup
user::rwx
group::rwx
group:admingroup:rwx
mask::rwx
other::---
Also, when I run ps aux | grep smb,
all the processes are owned by 'root', whereas before they were owned by LDAP users.
Thanks in advance for your help