Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 10-18-2007, 12:06 PM   #1
LQ Newbie
Registered: Jan 2005
Posts: 6

Rep: Reputation: 0
Using Samba with ACLs

I have an Ubuntu 7.04/Feisty Fawn box set up as a server running (among other things) Samba. I use user security and I have ACL's up and running correctly on the box.

The issue is that my Samba server only respects the group permissions for the primary group membership on the share.

For example, if I have a share Public, which points to /share/public, and there are two group defined as:

Public-RW: bob (with rwx)


Public-RO: shelly (with r-x)

...bob will have correct access to the share, but shelly does not.

I'm certain it's something in my smb.conf file, but I'm not able to figure out what. My smb.conf reads like:

panic action = /usr/share/samba/panic-action %d
workgroup = eagle
netbios name = eagle
invalid users = root
security = user
#username map = /etc/samba/smbusers
guest account = nobody
wins support = no
log file = /var/log/samba.log
log level = 3
max log size = 1000
syslog = 1
encrypt passwords = true
passdb backend = smbpasswd
socket options = TCP_NODELAY
dns proxy = no
passwd program = /usr/bin/passwd %u
passwd chat =*Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
obey pam restrictions = yes
pam password change = no
null passwords = no

# ACL Setup
inherit permissions = yes
inherit acls = yes
map acl inherit = yes

#Share Definitions

comment = Private Shares
browseable = yes
security mask = 0770
writable = yes
path = /home
create mask = 0770

comment = Public Shares
browseable = yes
security mask = 0700
writable = yes
path = /share
create mask = 0764
Old 10-19-2007, 07:32 AM   #2
LQ Newbie
Registered: Feb 2007
Posts: 10

Rep: Reputation: 0
You're shure the ACL Setup belong into the GLOBAL Section of the conf?

I have a Samba 3.0.24 running in an NT 4 domain as a member server with Windows-ACL's working as expected on the XP-Clients. But i have put the
corresponding [share] section of the smbd.conf

        workgroup = Foo
        netbios name = merlin
        security = DOMAIN
        passdb backend = tdbsam
        log level = 1
        syslog = 0
        log file = /var/log/samba/log.%m
        ldap ssl = no
        idmap uid = 10000-90000
        idmap gid = 10000-90000
        template homedir = /home/%U
        winbind use default domain = Yes
        smb ports = 139

        comment = Stuff
        path = /storage
        read only = No
        create mask = 0777
        directory mask = 0777
        inherit permissions = Yes
        inherit acls = Yes
        map acl inherit = Yes
        map archive = No
        map readonly = no
        store dos attributes = Yes
That should work in security mode user to

(Oh and i use winbind to map the NT users to valid Linux userid's, but should be of no concern)


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
squid acls ikinnu Linux - Networking 2 08-25-2007 04:24 PM
LDAP ACLs ziox Linux - Server 0 04-20-2007 11:07 PM
Windows ACLs and FC5/Samba/rsync Unclesmiff Linux - Enterprise 1 02-23-2007 03:12 AM
SambaPDC and ACLs ziggy1621 Linux - Networking 4 12-21-2005 07:10 AM
Linux ACLs kcv Linux - Security 6 09-14-2005 03:50 PM > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 05:08 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration