I'm using Samba 3.0.2a PDC (compile with --with-acl-support) on FreeBSD 5.2.1. And i have problems with display of access rights on directories: # getfacl /var/tmp/test/test-folder #file:/var/tmp/test/test-folder #owner:2004 #group:2513 user::rwx user:cboss:rwx group::r-x mask::rwx other::r-x smbcacls show this ACL's: # smbcacls //server/test test-folder -U tiamat Password: REVISION:1 OWNER:KOMI\tiamat GROUP:KOMI\Domain Users ACL:KOMI\tiamat:ALLOWED/0/FULL ACL:KOMI\Domain Users:ALLOWED/0/READ ACL:KOMI\cboss:ALLOWED/0/FULL ACL:\Everyone:ALLOWED/0/READ But explorer (from Windows 2000 SP4) on \\server\test\test-folder properties (in security tab) show empty ACL permission's for all users and groups (please, see http://194.186.147.81/~tiamat/acl.jpg) Thanks a lot!
sorry, i forgotten my smb.conf: [global] dos charset = 866 unix charset = UTF8 display charset = UTF8 workgroup = KOMI passdb backend = 'ldapsam:ldapi://%2fvar%2frun%2fopenldap%2fldapi' guest account = guest log file = /var/log/samba/%m.log domain logons = Yes os level = 255 domain master = Yes wins support = Yes ldap suffix = dc=komi,dc=mts,dc=ru ldap admin dn = cn=manager,dc=komi,dc=mts,dc=ru host msdfs = Yes use sendfile = Yes [test] path = /var/tmp/test read only = No Thanks!
Jeremy, this is what we spoke about at SambaXP. Can you take a look when you get a chance? Thanks.
Explorer security tab properties display only default ACL of a directory instead of the access ACL. Example: 1. create directory test without default ACL: test directory ACL: % getfacl test #file:test #owner:2004 #group:2513 user::rwx group::r-x group:veda:rwx group:admins:rwx mask::rwx other::r-x test directory default ACL % getfacl -d test #file:test #owner:2004 #group:2513 user::rwx group::--- other::--- % smbcacls //server/share test -U tiamat REVISION:1 OWNER:KOMI\tiamat GROUP:KOMI\Domain Users ACL:KOMI\tiamat:ALLOWED/0/FULL ACL:KOMI\Domain Admins:ALLOWED/0/FULL ACL:KOMI\Domain Veda:ALLOWED/0/FULL ACL:KOMI\Domain Users:ALLOWED/0/READ ACL:\Everyone:ALLOWED/0/READ ACL:\Creator Owner:ALLOWED/11/FULL ACL:\Creator Group:ALLOWED/11/ ACL:\Everyone:ALLOWED/11/ explorer show empty security permissions on this directory: http://213.87.48.51/~tiamat/acl1.bmp 2. create directory test with default ACL: test directory ACL: % getfacl test #file:test #owner:2004 #group:2513 user::rwx group::r-x group:veda:rwx group:admins:rwx mask::rwx other::r-x test directory default ACL % getfacl -d test #file:test #owner:2004 #group:2513 user::rwx group::--- group:veda:rwx group:admins:rwx mask::rwx other::--- % smbcacls //server/share test -U tiamat REVISION:1 OWNER:KOMI\tiamat GROUP:KOMI\Domain Users ACL:KOMI\Domain Admins:ALLOWED/3/FULL ACL:KOMI\Domain Veda:ALLOWED/3/FULL ACL:\Everyone:ALLOWED/0/READ ACL:KOMI\tiamat:ALLOWED/0/FULL ACL:KOMI\Domain Users:ALLOWED/0/READ ACL:\Creator Owner:ALLOWED/11/FULL ACL:\Creator Group:ALLOWED/11/ ACL:\Everyone:ALLOWED/11/ explorer show security permissions on this directory: http://213.87.48.51/~tiamat/acl2.bmp Thanks a lot!
Sorry i forgotten: Samba 3.0.7
*** Bug 1865 has been marked as a duplicate of this bug. ***
This looks to me like an artifact of the security viewer. If the "normal" and "default" acls on a directory match (ie. a user of group is present in both, and differs by inheritence etc.) - this is what a Windows file server would return, and so the security viewer shows the correct bits. If I set a missmatched POSIX acl and default POSIX acl on a directory, and view using the XP security viewer, then again no bits are displayed. But if you look into the "advanced" tab you will see all the "normal" and "default" acls as set on the file - it's just the "non-advanced" view won't show them to you. I'm not sure we can fix this in Samba. Jeremy.
marking as 'wont fix' based on jeremy's comments.