Hello, I have install samba 3.2.7 I want set acl folder from windows interface. I can set allow function. But I can't set refused permission function. When I set refused permission and click apply. My refused permission checkbox will show empty. It's my smb.conf [global] log file = /var/log/samba/log.%m cups options = raw load printers = yes server string = Fileserver3 workgroup = LINGUITRONICS os level = 20 security = ads passdb backend = tdbsam max log size = 50 realm = linguitronics.com netbios name = Fileserver3 password server = etams001.linguitronics.com encrypt passwords = yes nt acl support = yes inherit acls = yes inherit owner = yes inherit permissions = yes idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes And my share folder settings: [abc] comment = abc path = /samba/abc public = yes writeable = yes create mask = 0777 directory mask = 0777 directory security mask = 0777 #vfs object = recycle extd_audit vscan-fprotd #vscan-oav: config-file = /etc/samba/vscan-fprotd.conf #recycle:repository = ../Garbage/%u #recycle:versions = yes #recycle:keeptree = yes admin users = LINGUITRONICS\akong, LINGUITRONICS\stephen, LINGUITRONICS\brian, LINGUITRONICS\Administrator How to fix it?
Created attachment 3888 [details] I want setup everyone reject used I click reject at all to everyone.
Created attachment 3889 [details] advanced function You can see it,s reject before apply.
Created attachment 3890 [details] It's function unused. It's settings can't use when I apply. It's still show allow. I can't set refused permission.
This is not actually a bug, but a limitation of how ACL mapping from NTFS ACLs to Posix ACLs semantics work. Jeremy is working on a full user space ACL implementation as a VFS module that one day may address DENY controls, but until then this works as designed.
(In reply to comment #4) > This is not actually a bug, but a limitation of how ACL mapping from NTFS ACLs > to Posix ACLs semantics work. > > Jeremy is working on a full user space ACL implementation as a VFS module that > one day may address DENY controls, but until then this works as designed. > Thanks for reply So, is this a samba vfs moduel in the feature? Is it right? And it's can't resloved in this time? Thanks a lot.
Right. It can't be resolved this time in Samba. Volker
You might want to try 3.3.1 which has two experimental VFS ACL modules that implement Windows ACL layered on top of POSIX ACLs. For doing deny ACLs these should work the same as Windows. The ACL modules are acl_xattr or acl_tdb. Jeremy.
(In reply to comment #7) > You might want to try 3.3.1 which has two experimental VFS ACL modules that > implement Windows ACL layered on top of POSIX ACLs. For doing deny ACLs these > should work the same as Windows. The ACL modules are acl_xattr or acl_tdb. > Jeremy. > Thanks a lot. I will try it. If I use ./configure to compile it. What I must to compile into it? Thanks a lot.