  1. #1
    Just Joined!
    Join Date
    May 2011
    Posts
    5

    Windows Clients don't respect Linux Default ACL?


    I'm running RHEL5 as a file server on a Windows Domain network. The file server authenticates via AD and all is working well there.
    My issue is directory and file permissions when accessing the samba share via a Windows client.

    For example I have a directory called ITAR that ONLY members of the itar_auth group should have access to.
    #getfacl ITAR/
    # file: ITAR
    # owner: nobody
    # group: itar_auth
    user::---
    group::rwx
    other::---
    default:user::---
    default:group::rwx
    default:group:itar_auth:rwx
    default:mask::rwx
    default:other::---

    Due to the default permissions set, if you are a member of itar_auth and ssh into the machine and access the share to create a directory, you will get these permissions set:
    $getfacl Test
    # file: Test
    # owner: genuser
    # group: domain\040users
    user::---
    group::rwx
    group:itar_auth:rwx
    mask::rwx
    other::---
    default:user::---
    default:group::rwx
    default:group:itar_auth:rwx
    default:mask::rwx
    default:other::---

    So far so good; however, when I access the share from a Windows machine and create a directory, I get:
    $getfacl TestWin/
    # file: TestWin
    # owner: genuser
    # group: domain\040users
    user::rwx
    group::r-x
    group:itar_auth:rwx
    mask::rwx
    other::r-x
    default:user::---
    default:group::rwx
    default:group:itar_auth:rwx
    default:mask::rwx
    default:other::---

    As you can see, Other gets Read, Execute and the user gets RWX; this is not properly inheriting the default permissions.

    Here is a file created by the Windows user:
    $getfacl genuser.txt
    # file: genuser.txt
    # owner: genuser
    # group: domain\040users
    user::-wx
    group::rwx
    group:itar_auth:rwx
    mask::rwx
    other::---

    As you can see here, the user has no Read permissions, and even though the group has RWX I cannot actually read the file!
    I'm not sure how to go about forcing Windows to work the way I want it to on the Linux volume.

    Any thoughts on this would be greatly appreciated!

  2. #2
    Just Joined!
    Join Date
    May 2011
    Posts
    5
    No one has any thoughts on this? Is there some more detail I could provide for clarity, or is there just no answer to this question?
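
The genuser.txt listing in the first post can be checked against the POSIX ACL access algorithm described in acl(5), where the first matching class (owner, named user, group class, other) decides and the owner never falls through to a group entry. The Python below is an added example, not part of the original thread; the user name jdoe and the group memberships passed in are assumptions.

```python
# Added example: POSIX.1e access check order (acl(5)) applied to getfacl text.
# SAMPLE is the genuser.txt listing quoted in the thread.
SAMPLE = r"""# file: genuser.txt
# owner: genuser
# group: domain\040users
user::-wx
group::rwx
group:itar_auth:rwx
mask::rwx
other::---
"""

def parse_getfacl(text):
    """Parse getfacl output into owner, owning group and access entries."""
    acl = {"owner": None, "group": None, "access": []}
    for raw in text.splitlines():
        line = raw.strip().replace("\\040", " ")  # getfacl escapes a space as \040
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        entry = line.split("#", 1)[0].strip()  # drops headers and "#effective:" notes
        if entry and not entry.startswith("default:"):
            tag, qualifier, perms = entry.split(":")
            acl["access"].append((tag, qualifier, set(perms) - {"-"}))
    return acl

def allowed(acl, user, groups, want):
    """True if `user` (a member of `groups`) is granted every permission in `want`.
    The first matching class decides; there is no fall-through to a later one."""
    entries = acl["access"]
    mask = next((p for t, q, p in entries if t == "mask"), set("rwx"))
    if user == acl["owner"]:  # 1. owner: only user:: applies, unmasked
        return want <= next(p for t, q, p in entries if t == "user" and not q)
    for t, q, p in entries:  # 2. named user entry, limited by the mask
        if t == "user" and q == user:
            return want <= (p & mask)
    matched = [p & mask for t, q, p in entries  # 3. owning group and named groups
               if t == "group" and (q or acl["group"]) in groups]
    if matched:
        return any(want <= p for p in matched)
    return want <= next(p for t, q, p in entries if t == "other")  # 4. other

if __name__ == "__main__":
    acl = parse_getfacl(SAMPLE)
    # File owner: decided by user::-wx even though both groups grant rwx.
    print(allowed(acl, "genuser", {"domain users", "itar_auth"}, {"r"}))
    # jdoe is a hypothetical non-owner in itar_auth: decided by the group class.
    print(allowed(acl, "jdoe", {"itar_auth"}, {"r"}))
```

Run against this listing, the owner genuser is denied read by user::-wx while another itar_auth member is granted it. The same check shows that group::rwx applies to every member of the owning group, domain users, so at the file level the restriction to itar_auth rests on the parent directory's permissions.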
