I'm having issues that the SMB server is ignoring ACLs. Anyone know a work around?
This is a Leopard Server with all current updates applied.
Here is an example. An AFP client adds a directory on our file server. Permissions auto-set to 755 for the directory (standard POSIX behavior). ACLs are set to be 777 for the default group, staff (we're a small office where everyone should have full access). AFP clients can go and add directories, files, etc successfully, getting full 777 access on everything on the server.
SMB clients see the permissions in a very different way. 755 dir with 777 ACL allows for creating a directory via SMB (different user, same group). However, SMB refuses to permit the SMB client to rename the new directory. Similarly, SMB cannot rename or move any files/directories in the directory. We have also had files delete themselves when SMB tries to rename directories, though I have no tracking to confirm this is actually a bug or just a side affect. Our SMB clients are running Windows XP, both Home and Pro.
Our fix is everytime someone has this issue is to go to server addming and propagate group permissions of R/W through the directory that the SMB client is having problems with, then SMB works file with the parent directory having 775 permissions.
Note, umask can't modify LDAP users. I've tried...no success forcing the AFP client to write the permissions of the new DIR as 775, which would bypass the problem until Apple fixes SMB.
Anyone have a work around or a fix for SMB ignoring the ACLs?
Thanks!
P.S. - I've seen several threads on the Apple forums with similar issues...none with resolutions.
This is a Leopard Server with all current updates applied.
Here is an example. An AFP client adds a directory on our file server. Permissions auto-set to 755 for the directory (standard POSIX behavior). ACLs are set to be 777 for the default group, staff (we're a small office where everyone should have full access). AFP clients can go and add directories, files, etc successfully, getting full 777 access on everything on the server.
SMB clients see the permissions in a very different way. 755 dir with 777 ACL allows for creating a directory via SMB (different user, same group). However, SMB refuses to permit the SMB client to rename the new directory. Similarly, SMB cannot rename or move any files/directories in the directory. We have also had files delete themselves when SMB tries to rename directories, though I have no tracking to confirm this is actually a bug or just a side affect. Our SMB clients are running Windows XP, both Home and Pro.
Our fix is everytime someone has this issue is to go to server addming and propagate group permissions of R/W through the directory that the SMB client is having problems with, then SMB works file with the parent directory having 775 permissions.
Note, umask can't modify LDAP users. I've tried...no success forcing the AFP client to write the permissions of the new DIR as 775, which would bypass the problem until Apple fixes SMB.
Anyone have a work around or a fix for SMB ignoring the ACLs?
Thanks!
P.S. - I've seen several threads on the Apple forums with similar issues...none with resolutions.