I'm trying to set up a very simple samba configuration, in which a single user (the owner of the share) has full access to the share, and other users have only read access. The following is the smb.conf:
[global]
security = user
workgroup = WORKGROUP
server string = Samba Server %v
encrypt passwords = yes
log file = /var/log/samba/log.%m
max log size = 50
create mask = 644
force create mode = 644
directory mask = 755
force directory mode = 755
[test]
comment = Test
path = /admin/test
writeable = yes
browseable = yes
I can create and modify files from windows without problems most of the time, but some applications add extended ACL when saving files (like MS Word for example), and afterwards I can't modify or overwrite those files, but oddly enough I can delete them.
root@vsapdes:/admin/test=>ls -l
total 16
-rw-r--r-- 1 usrcap usr 4 Jun 27 12:59 notepad_file_no_acl.txt
-rw-r--r--+ 1 usrcap usr 11256 Jun 27 2019 word_file_with_acl.docx
root@vsapdes:/admin/test=>aclget word_file_with_acl.docx
*
* ACL_type AIXC
*
attributes:
base permissions
owner(usrcap): rw-
group(usr): r--
others: r--
extended permissions
enabled
specify r-- g:usr
specify rw- u:usrcap
The samba server is version 4.9.3 and is running on AIX 7.1 in case that has anything to do with the problem (I can modify the file from the terminal with the same user I login into samba with, so I don't think thats the case).
Best Answer
I can think of two things you can do.
You can declare the owner user as the share admin as described in the smb.conf documentation. The admin user is not bound by any ACL restrictions and can do as he likes.
Another possibility would be to just disable ACLs. I have not tried this myself but you could experiment with disabling the options
map acl inherit
,store dos attributes
andea support
. If you don't care for the ACLs at all you could certainly try this.