Latest News:
2018-11-29: XigmaNAS - released!

We really need "Your" help on XigmaNAS translations. Please help today!

Producing and hosting XigmaNAS cost money, please consider a donation to our project so we can continue to offer you the best.
We need your support! eg: PAYPAL

ACLS and Users&Groups -- trying to solve a simple problem (may be Mac related)

CIFS/SMB network sharing.
Forum rules
Set-Up GuideFAQsForum Rules
Post Reply
Posts: 11
Joined: 04 Oct 2018 19:04
Status: Offline

ACLS and Users&Groups -- trying to solve a simple problem (may be Mac related)


Post by birnbacs » 07 Dec 2018 11:38

On my production file server, I have a handful of users who all belong to the same group.
I whish to permit all members of the group access to files and directories created by any other group member.
Anybody else shall have no access.

I am not familiar with ACLs and always used to be happy with the POSIX users & groups concept (plus, u&g are easier to manipulate from a php script), so I set the dataset to:
ACL inherit = discard
ACL mode = discard

The CIFS/SMB share has:
browseable = on
guest = off
inherit permissions = on
ZFS ACL = off
inherit ACL = off
NTFS ACLs = off

So, we have users me and notme, both belonging to the group 2B.

On the top level of the "phoenix" dataset there is one directory:
drwxrwx--- 8 me 2B 8 Dec 7 10:00 permissiontest/

Creating a subdirectory via smblient:

Code: Select all

smbclient -U notme%x //<localhost>/phoenix
smb: \> mkdir permissiontest/created_by_notme
smb: \>exit
In the terminal I see the new directory:
drwxrwx--- 2 notme 2B 2 Dec 7 11:08 created_by_notme/

As intended, user "me" can use smbclient to e.g. change the name of that directory:

Code: Select all

smbclient -U me%x //<localhost>/phoenix
smb: \> rename permissiontest/created_by_notme premissiontest/edited_by_me
smb: \>exit
drwxrwx--- 2 notme 2B 2 Dec 7 11:08 edited_by_me/

So far, all rainbows and unicorns.
But then I use SMB from a Mac to create another directory and get this:

drwxr-xr-x 2 me 2B 2 Dec 7 11:16 created_by_me_via_Finder/

Obviously, user notme will be unable to write-access this (yes, I checked).
OK, OSX 10.7.5 is pretty ancient and I experienced such problems before, so I repeated the test with muCommander instead of Finder, to get:

drwxr-xr-x 2 me 2B 2 Dec 7 11:18 created_by_me_via_mucommander/

Same problem, obviously. The set permissions seem to reflect the user's umask, which is 0022.
I set it to 0033 and repeated the procedure (after loggin out and in again from the Mac);

drwxr-xr-x 2 me 2B 2 Dec 7 11:30 created_by_me_via_Finder_0033
drwxr-xr-x 2 me 2B 2 Dec 7 11:31 created_by_me_via_mucommander_0033

The OSX Finder used to be fine for years until it stopped using the right permissions upon file creation.
Same thing with muCommander now: it worked fine until last week.
My Mac is too old for updates and the only Apple client in the network, so this side should be all static.

Very probably I messed up settings on the server side. Ideas, anybody?

Post Reply

Return to “CIFS/SMB (Samba)”