Samba uses ACLs. Like it or not if you say "I don't want to use ACLs" then you are also saying "I don't want to use Samba or AFP". Both of those use ACLs.
Okay, I'd like to whine about this for a bit if I may, because I don't much care for ACLs, either. While I can see the flexibility they might provide on a shared directory, on a single-user desktop system I don't immediately see the value they provide over UNIX permission bits. And the command line syntax for setfacl(1) is awful.
A close reading of the acl(5) man page on Linux suggests that the system keeps UNIX permission bits and ACLs in sync -- changing one will change the other to a compatible setting. So that implies that using chmod(1) fiddles ACLs behind your back (reasonable, I suppose), so you're using ACLs whether you want to or not. The man page also explains the evaluation order for allow/deny processing (the BSD man pages are rather less forthcoming on this matter).
However, I appear to have b0rk3d something on one side or the other. When I run getfacl on a file on the FreeNAS server, I see this:
Code:
$ ls -l 01\ -\ Trebolactiko\ -\ Ascencion.ogg
-rw-r--r-- 1 ewhac ewhac 9478961 Aug 11 00:04 01 - Trebolactiko - Ascencion.ogg
$ getfacl 01\ -\ Trebolactiko\ -\ Ascencion.ogg
# file: 01 - Trebolactiko - Ascencion.ogg
# owner: ewhac
# group: ewhac
owner@:rw-p--aARWcCos:------:allow
group@:r-----a-R-c--s:------:allow
everyone@:r-----a-R-c--s:------:allow
However, when I run getfacl on the same file from a CIFS mount on a Linux box, I see this:
Code:
$ ls -l 01\ -\ Trebolactiko\ -\ Ascencion.ogg
-rw-r--r-- 1 ewhac ewhac 9478961 Aug 11 00:04 01 - Trebolactiko - Ascencion.ogg
$ getfacl 01\ -\ Trebolactiko\ -\ Ascencion.ogg
# file: 01 - Trebolactiko - Ascencion.ogg
# owner: ewhac
# group: ewhac
The CIFS share is mounted as follows:
Code:
//xxxx/ewhac on /cifs/xxxx/ewhac type cifs (rw,relatime,vers=1.0,cache=strict,username=ewhac,domain=EWHAC-LAN,uid=xxxx,forceuid,gid=xxxx,forcegid,addr=10.x.x.x,unix,posixpaths,serverino,acl,rsize=1048576,wsize=65536,actimeo=1)
Any thoughts? (...Hmm. Now that I look at it, maybe I should crank 'vers' to 2.0?)