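I want to configure Samba to manage Windows ACLs and administer them through the Windows Security tab. The Samba server is standalone and not part of an AD tree; I have followed various official and unofficial guides, but nothing seems to work.
The machine runs in a Debian 12 LXC on ZFS, and the ZFS mount points do support ACLs: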
$ mount | grep acl
rpool/data/subvol-107-disk-0 on / type zfs (rw,noatime,xattr,posixacl)
rpool/data/subvol-107-disk-1 on /data/share1 type zfs (rw,noatime,xattr,posixacl)
I did create a ZFS pool for each share, /data/share1 in this example.
The Samba version is 4.17.9-Debian.
The folder ACLs are set:
$ ls -lah /data/share1/
total 12K
drwxrwxr-x+ 3 administrator administrator 3 Jul 24 13:13 .
drwxr-xr-x 3 root root 3 Jul 24 11:09 ..
drwxrwxr-x+ 2 administrator administrator 2 Jul 24 11:59 test
$ getfacl /data/share1/
getfacl: Removing leading '/' from absolute path names
# file: data/share1/
# owner: administrator
# group: administrator
user::rwx
user:administrator:rwx
group::r-x
mask::rwx
other::r-x
I have configured smb.conf appropriately:
[global]
workgroup = CMC
username map = /etc/samba/users.map
server string = file-server
log level = 5
log file = /var/log/samba/log.%m
max log size = 1000
logging = file
panic action = /usr/share/samba/panic-action %d
server role = standalone server
obey pam restrictions = yes
map to guest = bad user
acl allow execute always = yes
[homes]
comment = Home Directories
browseable = no
map acl inherit = yes
vfs objects = acl_xattr
acl_xattr:ignore system acls = yes
[share1]
path = /data/share1/test
guest ok = no
comment = Cartella di test smb
read only = no
browseable = yes
map acl inherit = yes
vfs objects = acl_xattr
acl_xattr:ignore system acls = no
store dos attributes = yes
inherit acls = yes
From my tests, if I use this configuration for the share:
map acl inherit = yes
vfs objects = acl_xattr
acl_xattr:ignore system acls = yes
I get nothing from the Windows Security tab:
If I use linuxacl with the following configuration:
map acl inherit = yes
vfs objects = acl_xattr
acl_xattr:ignore system acls = no
store dos attributes = yes
inherit acls = yes
I get more feedback in the Windows Security tab.
But if I try to edit the ACLs from there, it always denies me access.