Re: ACLS without winbind (but WITH correct user mapping)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

On 22/06/12 12:22, steve wrote:
On 22/06/12 12:50, Colin Fowler wrote:
On 22/06/12 11:46, steve wrote:
On 22/06/12 11:41, Colin Fowler wrote:
On 21/06/12 17:50, Jeremy Allison wrote:
On Thu, Jun 21, 2012 at 05:50:45PM +0100, Colin Fowler wrote:

Am I corect in thinking that this is something that would be desireable
for others and not just me and my rather oddball configuration? For
people using standalone servers, NSS/LDAP etc and any other places where
winbind is not used, this would be a rather useful feature, no?

Hi Colin, Hi Jeremy
I don't think it's so oddball. We also use nss for our rfc2307
mappings from the S4 directory for Linux clients joined to the domain.
It works perfectly via NFS to Linux but acls on shares on s3fs between
Linux and windows are not quite right.

Colin: Are you talking about setting an acl on windows and it being
honoured by Linux and vica versa?

Jeremy: are you saying that acl mappings 'both ways' only work with

If so, a big +1 from me to get the 'both' ways working. Very
desirable. Maybe this will get easier when we can put stuff like
create mode= and force group= in smb.conf.


Hi Steve, yes, I'd like users to be able to set an ACL in Windows for a
domain user and for it to be honoured in Linux for the mapped Unix user.
Currently if I set an ACL in Linux for the Unix user, it actually
appears correctly in the security dialog box on windows. I just can't
set a new ACL from Windows.


Hi Colin
That's interesting. I have a bugzilla open on something similar:

So, when a user creates a file, e.g. in his home folder in windows, do the acl and permissions appear correct back on the fileserver or when the same file is viewed on a Linux client?


Hi Steve, I'm running Samba 3.6.5 currently, not 4.0 and I'm running without winbind· When a user in windows (DOMAIN\bob) creates a file, it appears on linux as owned by the unix user bob. There's no acls on the file, just a file with the ownerships of bob and bob's primary group (staff). If on Linux I add an ACL for the user tom via setfacl, I can see the user tom in the security list in Windows as (Unix User\tom). What I can't do is add ACLs from windows.

To unsubscribe from this list go to the following URL and read the

[Linux]     [Info Cyrus]     [LARTC]     [Bugtraq]     [Netfilter]     [Internet Dating Forums]     [RAID]     [Yosemite News]     [Photography]

Add to Google Powered by Linux