ACLS and Users&Groups -- trying to solve a simple problem (may be Mac related)


Post by birnbacs » 07 Dec 2018 11:38

On my production file server, I have a handful of users who all belong to the same group.
I wish to permit all members of the group access to files and directories created by any other group member.
Anybody else shall have no access.

I am not familiar with ACLs and always used to be happy with the POSIX users & groups concept (plus, u&g are easier to manipulate from a php script), so I set the dataset to:
ACL inherit = discard
ACL mode = discard

The CIFS/SMB share has:
browseable = on
guest = off
inherit permissions = on
ZFS ACL = off
inherit ACL = off
NTFS ACLs = off

So, we have users me and notme, both belonging to the group 2B.

On the top level of the "phoenix" dataset there is one directory:
drwxrwx--- 8 me 2B 8 Dec 7 10:00 permissiontest/

Creating a subdirectory via smbclient:

Code:

smbclient -U notme%x //<localhost>/phoenix
smb: \> mkdir permissiontest/created_by_notme
smb: \> exit

In the terminal I see the new directory:
drwxrwx--- 2 notme 2B 2 Dec 7 11:08 created_by_notme/

As intended, user "me" can use smbclient to e.g. change the name of that directory:

Code:

smbclient -U me%x //<localhost>/phoenix
smb: \> rename permissiontest/created_by_notme permissiontest/edited_by_me
smb: \> exit

drwxrwx--- 2 notme 2B 2 Dec 7 11:08 edited_by_me/

So far, all rainbows and unicorns.
But then I use SMB from a Mac to create another directory and get this:

drwxr-xr-x 2 me 2B 2 Dec 7 11:16 created_by_me_via_Finder/

Obviously, user notme will be unable to write-access this (yes, I checked).
OK, OSX 10.7.5 is pretty ancient and I experienced such problems before, so I repeated the test with muCommander instead of Finder, to get:

drwxr-xr-x 2 me 2B 2 Dec 7 11:18 created_by_me_via_mucommander/

Same problem, obviously. The set permissions seem to reflect the user's umask, which is 0022.
I set it to 0033 and repeated the procedure (after logging out and in again from the Mac):

drwxr-xr-x 2 me 2B 2 Dec 7 11:30 created_by_me_via_Finder_0033
drwxr-xr-x 2 me 2B 2 Dec 7 11:31 created_by_me_via_mucommander_0033

The OSX Finder used to be fine for years until it stopped using the right permissions upon file creation.
Same thing with muCommander now: it worked fine until last week.
My Mac is too old for updates and the only Apple client in the network, so this side should be all static.

Very probably I messed up settings on the server side. Ideas, anybody?
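
An added example, not part of the original post: it parses `ls -l` lines quoted above, checks each against the stated goal (full access for the group, none for others), and tests whether the mode is possible under the umask the post says was in effect. The function names are hypothetical, and the umask test assumes a plain POSIX create with no ACLs, where a masked bit can never end up set.

```python
import stat

# (umask the post says was in effect, `ls -l` line copied from the post).
# None = the post does not state a umask for that create.
SAMPLES = [
    (None,  "drwxrwx--- 2 notme 2B 2 Dec 7 11:08 created_by_notme/"),
    (0o022, "drwxr-xr-x 2 me 2B 2 Dec 7 11:16 created_by_me_via_Finder/"),
    (0o033, "drwxr-xr-x 2 me 2B 2 Dec 7 11:30 created_by_me_via_Finder_0033"),
]


def mode_bits(perm):
    """Convert an ls-style string such as 'drwxr-xr-x' to rwx permission bits."""
    if len(perm) < 10:
        raise ValueError(f"unexpected mode string: {perm!r}")
    bits = 0
    for ch in perm[1:10]:  # skip the type char and any trailing '+'/'@' flag
        # 'S'/'T' mean a special bit without execute; special bits are ignored.
        bits = (bits << 1) | (ch not in "-ST")
    return bits


def audit(samples):
    """Return (name, octal mode, group_ok, umask_ok) for each sample."""
    rows = []
    for umask, line in samples:
        fields = line.split(None, 8)
        if len(fields) < 9:
            continue  # not an `ls -l` entry
        bits = mode_bits(fields[0])
        # Goal stated in the post: full access for the group, none for others.
        group_ok = (bits & stat.S_IRWXG) == stat.S_IRWXG and not (bits & stat.S_IRWXO)
        # Assumption: a create filtered by a umask cannot leave a masked bit set.
        umask_ok = None if umask is None else (bits & umask) == 0
        rows.append((fields[8].rstrip("/"), f"{bits:04o}", group_ok, umask_ok))
    return rows


if __name__ == "__main__":
    for name, mode, group_ok, umask_ok in audit(SAMPLES):
        print(f"{mode}  group_ok={group_ok!s:5}  umask_ok={umask_ok!s:5}  {name}")
```

The 0033 row fails the umask test: 0755 keeps group and other execute bits that a umask of 0033 would have cleared, so the umask that was changed is not what produced that mode.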
