Hi, I've set the option "dos filemode = yes" for the share projects. This is the status of the file: server# smbstatus Samba version 3.4.3 PID Username Group Machine ------------------------------------------------------------------- 4556 joerg adm __ffff_10.10.10.26 (::ffff:10.10.10.26) client% getfacl test # file: test # owner: nobody # group: nogroup user::rw- user:joerg:rwx group::r-- mask::rwx other::r-- client% smbcacls //cifs-projects/projects /test Enter joerg's password: REVISION:1 CONTROL:0x9004 OWNER:NEPTUN\nobody GROUP:Unix Group\nogroup ACL:NEPTUN\nobody:ALLOWED/0x0/RW ACL:Unix Group\nogroup:ALLOWED/0x0/R ACL:NEPTUN\joerg:ALLOWED/0x0/0x001e01ff ACL:Everyone:ALLOWED/0x0/R The dos filemode option allows me to change the ACLs of the file I don't own, but I've write permission to. client% smbcacls //cifs-projects/projects /test -M 'ACL:Everyone:ALLOWED/0x0/X' Enter joerg's password: client% getfacl test # file: test # owner: nobody # group: nogroup user::rw- user:joerg:rwx group::r-- mask::rwx other::r-x client% smbcacls //cifs-projects/projects /test Enter joerg's password: REVISION:1 CONTROL:0x9004 OWNER:NEPTUN\nobody GROUP:Unix Group\nogroup ACL:NEPTUN\nobody:ALLOWED/0x0/RW ACL:Unix Group\nogroup:ALLOWED/0x0/R ACL:NEPTUN\joerg:ALLOWED/0x0/0x001e01ff ACL:Everyone:ALLOWED/0x0/READ But changing anything with setfacl fails: client% setfacl -m o::rwx test setfacl: test: Permission denied I've mounted the share on the client with the mount option noperm to pass all permission checks to the server. The server is Samba 3.4.3 running on Linux 2.6.30. The client runs Linux 2.6.31-rc5.
Created attachment 4971 [details] Dump of the network traffic while reproducing this bug There's a short time gap between the smbcacls call and the setfacl call.
Afaik this is by design. DOS Filemode is not honored if you mount with unix_extensions (default for cifs.ko against samba). If you are using unix_extensions it means you want perfect posix semantics. Also as far as I know setting acls doesn't have proper support in cifs.ko yet. Closing as invalid.
No this is not correct. Look in cifs_setxattr() and you will find: #ifdef CONFIG_CIFS_POSIX if (sb->s_flags & MS_POSIXACL) rc = CIFSSMBSetPosixACL(xid, pTcon, full_path, ea_value, (const int)value_size, ACL_TYPE_ACCESS, cifs_sb->local_nls, cifs_sb->mnt_cifs_flags & CIFS_MOUNT_MAP_SPECIAL_CHR); cFYI(1, ("set POSIX ACL rc %d", rc)); #else cFYI(1, ("set POSIX ACL not supported")); #endif So it depends on the kernel being compiled with CONFIG_CIFS_POSIX set. But the code does seem to be there. Jeremy.
this is mainly a topic that needs to be fixed by using an operating system that supports NFS4 ACLs