On a client to a Samba share for which Windows ACLs are configured, "ls -l" reports incorrect information, and no "+" is present to indicate that ACLs have been configured: ------------------------------ mcrs3:/TCS # ls -lh testfile -rwxr-xr-x 1 root root 0 Sep 14 23:05 testfile # permissions are incorrect, "+" is missing, and owner and primary group owner are incorrect mcrs3:/TCS # smbcacls //mcrs3/TCS /testfile -k yes REVISION:1 CONTROL:SR|DP OWNER:VPTC3\cifsuser GROUP:VPTC3\Domain Users ACL:VPTC3\Domain Admins:ALLOWED/0x0/RWDPO ACL:VPTC3\cifsuser:ALLOWED/0x0/RWDPO mcrs3:/TCS # ------------------------------ Still on the client, "chown" and "chmod" fail without error: ------------------------------ mcrs3:/TCS # chown vptc3\\mveil testfile mcrs3:/TCS # chmod u+x testfile mcrs3:/TCS # mcrs3:/TCS # smbcacls //mcrs3/TCS /testfile -k yes REVISION:1 CONTROL:SR|DP OWNER:VPTC3\cifsuser GROUP:VPTC3\Domain Users ACL:VPTC3\Domain Admins:ALLOWED/0x0/RWDPO ACL:VPTC3\cifsuser:ALLOWED/0x0/RWDPO mcrs3:/TCS # ------------------------------ On the server side, these issues are not present: ------------------------------ mcrs3:/.TCS_local # ls -l testfile -rw-rwx---+ 1 VPTC3\cifsuser VPTC3\domain users 0 Sep 14 23:05 testfile mcrs3:/.TCS_local # mcrs3:/.TCS_local # smbcacls //mcrs3/TCS /testfile -k yes REVISION:1 CONTROL:SR|DP OWNER:VPTC3\cifsuser GROUP:VPTC3\Domain Users ACL:VPTC3\Domain Admins:ALLOWED/0x0/RWDPO ACL:VPTC3\cifsuser:ALLOWED/0x0/RWDPO mcrs3:/.TCS_local # mcrs3:/.TCS_local # chown vptc3\\mveil testfile mcrs3:/.TCS_local # chmod u+x testfile mcrs3:/.TCS_local # mcrs3:/.TCS_local # smbcacls //mcrs3/TCS /testfile -k yes REVISION:1 CONTROL:SR|DP OWNER:VPTC3\mveil GROUP:VPTC3\Domain Users ACL:VPTC3\mveil:ALLOWED/0x0/FULL ACL:VPTC3\Domain Users:ALLOWED/0x0/ ACL:VPTC3\Domain Users:ALLOWED/0x0/ ACL:VPTC3\Domain Admins:ALLOWED/0x0/RWDPO ACL:VPTC3\cifsuser:ALLOWED/0x0/RWDPO ACL:Everyone:ALLOWED/0x0/ mcrs3:/.TCS_local # mcrs3:/.TCS_local # ls -l testfile -rwxrwx---+ 1 VPTC3\mveil VPTC3\domain users 0 Sep 14 23:05 testfile mcrs3:/.TCS_local # ------------------------------ My sernet-samba version is 99:4.12.2-11.suse150. My mount is: ------------------------------ mcrs3:/TCS # grep "TCS " /etc/fstab //mcrs3/TCS /TCS cifs user=cifsuser,multiuser,domain=VPTC3,sec=krb5,mfsymlinks,vers=3.0 0 0 mcrs3:/TCS # ------------------------------
Hi Micah, If you're expecting translation of unix perm bits to ACLs, you need to use the "cifsacl" mount option. Can you try that and see if it helps for you?
Thanks Shyam, you're right. The results with the "cifsacl" mount option are still problematic. My mount options are now: ------------------------------ mcrw1:/TCS # grep "TCS " /etc/fstab //mcrs3/TCS /TCS cifs user=cifsuser,multiuser,domain=VPTC3,sec=krb5,iocharset=utf8,cifsacl,mfsymlinks,nobrl,vers=3.0 0 0 mcrw1:/TCS # ------------------------------ The "+" is still missing from the output of "ls -l": ------------------------------ mcrw1:/TCS # smbcacls //mcrs3/TCS /testfile -k yes REVISION:1 CONTROL:SR|DP OWNER:VPTC3\cifsuser GROUP:VPTC3\Domain Users ACL:VPTC3\Domain Admins:ALLOWED/0x0/RWDPO ACL:VPTC3\cifsuser:ALLOWED/0x0/RWDPO mcrw1:/TCS # mcrw1:/TCS # ls -l testfile -rw------- 1 VPTC3\cifsuser VPTC3\domain users 0 Sep 15 16:49 testfile # permissions are ok, owner and primary group owner are ok, but no "+" is present to indicate the use of extended ACLs mcrw1:/TCS # ------------------------------ "chown" fails with error: ------------------------------ mcrw1:/TCS # chown vptc3\\mveil testfile chown: changing ownership of 'testfile': Input/output error mcrw1:/TCS # smbcacls //mcrs3/TCS /testfile -k yes REVISION:1 CONTROL:SR|DP OWNER:VPTC3\cifsuser # no ownership change made, but at least an error was reported GROUP:VPTC3\Domain Users ACL:VPTC3\Domain Admins:ALLOWED/0x0/RWDPO ACL:VPTC3\cifsuser:ALLOWED/0x0/RWDPO mcrw1:/TCS # ------------------------------ "chmod" makes correct changes to the target user, but also incorrect changes to other users: ------------------------------ mcrw1:/TCS # chmod u+x testfile mcrw1:/TCS # smbcacls //mcrs3/TCS /testfile -k yes REVISION:1 CONTROL:SR|DP OWNER:VPTC3\cifsuser GROUP:VPTC3\Domain Users ACL:VPTC3\cifsuser:ALLOWED/0x0/FULL # permissions changed as expected ACL:VPTC3\Domain Users:ALLOWED/0x0/0x00120088 # permissions set unintentionally for "Domain Users", and removed unintentionally for "Domain Admins" ACL:Everyone:ALLOWED/0x0/0x00120088 # permissions set unintentionally mcrw1:/TCS # ------------------------------ "ls -l" now reports updated information, which is correct within the limits of what it can convey, though the "+" is of course still missing: ------------------------------ mcrw1:/TCS # ls -l testfile -rwx------ 1 VPTC3\cifsuser VPTC3\domain users 0 Sep 15 16:49 testfile mcrw1:/TCS # ------------------------------