Setting ACLs via Windows client
kill -9
kill-9 at warbeast.com
Mon Sep 17 21:09:02 GMT 2001
I had problems with this also using ext2fs, posix acls, and any client,
2.2.1a. The permissions would fail with access denied. I did a cvs update
today, and all the sudden it worked. I did however do something this time
that I had never done before. I actually removed everything from the old
samba install dirs and installed fresh, the copied over the relevant
config files, lmhosts, etc. I have not tried from nt yet, but I did try
from win98 nexus tools, which never even came close to working before.
Later,
Alex
On Mon, 17 Sep 2001, Michels, Gustavo
[EES/BR] wrote:
> Date: Mon, 17 Sep 2001 21:57:47 +0100
> From: "Michels, Gustavo [EES/BR]" <gustavo.michels at emersonenergy.com>
> To: David Brodbeck <DavidB at mail.interclean.com>, samba at lists.samba.org
> Subject: RE: Setting ACLs via Windows client
>
> Hi David,
>
> Thanks for your prompt reply! Could you put here a result of a getfacl of
> one of your shares? Now that I have messed with chmod, I would like to know
> how you left all the permissions set.
>
> cheers
> Gustavo
>
> -----Original Message-----
> From: David Brodbeck [mailto:DavidB at mail.interclean.com]
> Sent: segunda-feira, 17 de setembro de 2001 17:46
> To: Michels, Gustavo [EES/BR]; samba at lists.samba.org
> Subject: RE: Setting ACLs via Windows client
>
>
> I've been having the same problem with Windows NT 4 clients, Samba 2.2.1a,
> and ext2fs with the ACL patches. I can set the ACLs just fine with setfacl,
> and the clients honor them, but I can't set them from NT. It just silently
> fails. I've asked about this a few times on the list and gotten basically
> no response, but I'm hoping maybe it'll be fixed in 2.2.2 because it's a
> major annoyance. I'm running Samba 2.2.1a with winbindd from an older HEAD
> CVS.
>
> Setting ACLs with setfacl isn't too hard, though it's a bit of a pain. You
> can do things like:
>
> setfacl -m "g:DOMAIN+Programmers:rwx" foo
>
> to add a group to the ACL list for a file or directory. To set a default
> ACL on a directory, just add a -d before the -m. You can make changes
> recursively with the -R switch. Removing an entry is similar:
>
> setfacl -x "g:DOMAIN+Programmers" foo
>
> The only gotcha is that if you set UNIX permissions with chmod, they're
> combined with the ACL permissions to create the most restrictive
> interpretation. So most of the time it's best to avoid chmod and use
> setfacl to set those permissions, too. (For example, 'setfacl -m g::rx
> foo'.)
>
> Interestingly enough, I have "map hidden = yes", and my NT clients can turn
> the hidden bit on and off just fine, as long as they're the owner of the
> file they're working on, but setting ACLs doesn't work.
>
> -----Original Message-----
> From: Michels, Gustavo [EES/BR]
> [mailto:gustavo.michels at emersonenergy.com]
> Sent: Monday, September 17, 2001 4:29 PM
> To: samba at lists.samba.org
> Subject: Setting ACLs via Windows client
>
>
> Hello,
>
> A little question about ACLs; my test server is set up with XFS and has
> support for ACLs. I have built the latest samba cvs source with acl support
> and as far as I can see from the configure results, acls were detected and
> were compiled.
>
> Note: I am using winbind to authenticate the users.
>
> Can I set the acls permissions from a windows 2000 client? I am trying to do
> this for a while without success... After I set the folder's permission in
> windows (add any user/group from the domain), looking again from the client
> does not show the change I have just made in the permissions... Anyone with
> similar problems?
>
> The folder is chmoded 01777 and I am trying to make this change using a
> domain account declared as an admin user in smb.conf.
>
> Here are the results of getfacl:
>
> [root at splus001 files]# getfacl departments/
> # file: departments/
> # owner: root
> # group: root
> user::rwx
> group::rwx
> other::rwx
>
> I also tried reading the manpages of setfacl but without any visible
> success.
>
> Can anyone help me or tell me where I can find more detailed documentation
> on setting ACLs for Samba?
>
> Cheers
> Gustavo
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
----------------------------------------------------------------------------
"First, they ignore you. Then they laugh
at you. Then they fight you. Then you
win." - Mahatma Ghandi
In a world without walls and fences, who needs windows and gates?
Alex West
A&M Communications - Tech Guru
BioControl Technology Inc., MIS Administrator
kill-9 at warbeast.com | kill-9 at ipost.net
WebPage -> www.warbeast.com/~kill-9
Visit Third Eye Digital Productions - http://www.indiana-emall.com/thirdeye
Check out my band and FREE music at *** www.mp3.com/snowpants ***
----------------------------------------------------------------------------
More information about the samba
mailing list