The Samba-Bugzilla – Bug 6063
ACL can't set refused permission
Last modified: 2009-02-26 19:38:18 UTC
I have install samba 3.2.7
I want set acl folder from windows interface.
I can set allow function.
But I can't set refused permission function.
When I set refused permission and click apply.
My refused permission checkbox will show empty.
It's my smb.conf
log file = /var/log/samba/log.%m
cups options = raw
load printers = yes
server string = Fileserver3
workgroup = LINGUITRONICS
os level = 20
security = ads
passdb backend = tdbsam
max log size = 50
realm = linguitronics.com
netbios name = Fileserver3
password server = etams001.linguitronics.com
encrypt passwords = yes
nt acl support = yes
inherit acls = yes
inherit owner = yes
inherit permissions = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
And my share folder settings:
comment = abc
path = /samba/abc
public = yes
writeable = yes
create mask = 0777
directory mask = 0777
directory security mask = 0777
#vfs object = recycle extd_audit vscan-fprotd
#vscan-oav: config-file = /etc/samba/vscan-fprotd.conf
#recycle:repository = ../Garbage/%u
#recycle:versions = yes
#recycle:keeptree = yes
admin users = LINGUITRONICS\akong, LINGUITRONICS\stephen, LINGUITRONICS\brian, LINGUITRONICS\Administrator
How to fix it?
Created attachment 3888 [details]
I want setup everyone reject used
I click reject at all to everyone.
Created attachment 3889 [details]
You can see it,s reject before apply.
Created attachment 3890 [details]
It's function unused.
It's settings can't use when I apply.
It's still show allow.
I can't set refused permission.
This is not actually a bug, but a limitation of how ACL mapping from NTFS ACLs to Posix ACLs semantics work.
Jeremy is working on a full user space ACL implementation as a VFS module that one day may address DENY controls, but until then this works as designed.
(In reply to comment #4)
> This is not actually a bug, but a limitation of how ACL mapping from NTFS ACLs
> to Posix ACLs semantics work.
> Jeremy is working on a full user space ACL implementation as a VFS module that
> one day may address DENY controls, but until then this works as designed.
Thanks for reply
So, is this a samba vfs moduel in the feature?
Is it right?
And it's can't resloved in this time?
Thanks a lot.
Right. It can't be resolved this time in Samba.
You might want to try 3.3.1 which has two experimental VFS ACL modules that implement Windows ACL layered on top of POSIX ACLs. For doing deny ACLs these should work the same as Windows. The ACL modules are acl_xattr or acl_tdb.
(In reply to comment #7)
> You might want to try 3.3.1 which has two experimental VFS ACL modules that
> implement Windows ACL layered on top of POSIX ACLs. For doing deny ACLs these
> should work the same as Windows. The ACL modules are acl_xattr or acl_tdb.
Thanks a lot.
I will try it.
If I use ./configure to compile it.
What I must to compile into it?
Thanks a lot.