Setting ACLs via Windows client

kill -9 kill-9 at warbeast.com
Mon Sep 17 21:09:02 GMT 2001 

I had problems with this also using ext2fs, posix acls, and any client,
2.2.1a. The permissions would fail with access denied. I did a cvs update
today, and all the sudden it worked. I did however do something this time
that I had never done before. I actually removed everything from the old
samba install dirs and installed fresh, the copied over the relevant
config files, lmhosts, etc. I have not tried from nt yet, but I did try
from win98 nexus tools, which never even came close to working before. 
Later,
Alex


 On Mon, 17 Sep 2001, Michels, Gustavo
[EES/BR] wrote:

> Date: Mon, 17 Sep 2001 21:57:47 +0100
> From: "Michels, Gustavo [EES/BR]" <gustavo.michels at emersonenergy.com>
> To: David Brodbeck <DavidB at mail.interclean.com>, samba at lists.samba.org
> Subject: RE: Setting ACLs via Windows client
> 
> Hi David,
> 
> Thanks for your prompt reply! Could you put here a result of a getfacl of
> one of your shares? Now that I have messed with chmod, I would like to know
> how you left all the permissions set.
> 
> cheers
> Gustavo
> 
> -----Original Message-----
> From: David Brodbeck [mailto:DavidB at mail.interclean.com]
> Sent: segunda-feira, 17 de setembro de 2001 17:46
> To: Michels, Gustavo [EES/BR]; samba at lists.samba.org
> Subject: RE: Setting ACLs via Windows client
> 
> 
> I've been having the same problem with Windows NT 4 clients, Samba 2.2.1a,
> and ext2fs with the ACL patches.  I can set the ACLs just fine with setfacl,
> and the clients honor them, but I can't set them from NT.  It just silently
> fails.  I've asked about this a few times on the list and gotten basically
> no response, but I'm hoping maybe it'll be fixed in 2.2.2 because it's a
> major annoyance.  I'm running Samba 2.2.1a with winbindd from an older HEAD
> CVS.
> 
> Setting ACLs with setfacl isn't too hard, though it's a bit of a pain.  You
> can do things like:
> 
> setfacl -m "g:DOMAIN+Programmers:rwx" foo
> 
> to add a group to the ACL list for a file or directory.  To set a default
> ACL on a directory, just add a -d before the -m.  You can make changes
> recursively with the -R switch.  Removing an entry is similar:
> 
> setfacl -x "g:DOMAIN+Programmers" foo
> 
> The only gotcha is that if you set UNIX permissions with chmod, they're
> combined with the ACL permissions to create the most restrictive
> interpretation.  So most of the time it's best to avoid chmod and use
> setfacl to set those permissions, too.  (For example, 'setfacl -m g::rx
> foo'.)
> 
> Interestingly enough, I have "map hidden = yes", and my NT clients can turn
> the hidden bit on and off just fine, as long as they're the owner of the
> file they're working on, but setting ACLs doesn't work.
> 
> -----Original Message-----
> From: Michels, Gustavo [EES/BR]
> [mailto:gustavo.michels at emersonenergy.com]
> Sent: Monday, September 17, 2001 4:29 PM
> To: samba at lists.samba.org
> Subject: Setting ACLs via Windows client
> 
> 
> Hello,
> 
> A little question about ACLs; my test server is set up with XFS and has
> support for ACLs. I have built the latest samba cvs source with acl support
> and as far as I can see from the configure results, acls were detected and
> were compiled.
> 
> Note: I am using winbind to authenticate the users.
> 
> Can I set the acls permissions from a windows 2000 client? I am trying to do
> this for a while without success... After I set the folder's permission in
> windows (add any user/group from the domain), looking again from the client
> does not show the change I have just made in the permissions... Anyone with
> similar problems?
> 
> The folder is chmoded 01777 and I am trying to make this change using a
> domain account declared as an admin user in smb.conf.
> 
> Here are the results of getfacl:
> 
> [root at splus001 files]# getfacl departments/
> # file: departments/
> # owner: root
> # group: root
> user::rwx
> group::rwx
> other::rwx
> 
> I also tried reading the manpages of setfacl but without any visible
> success.
> 
> Can anyone help me or tell me where I can find more detailed documentation
> on setting ACLs for Samba?
> 
> Cheers
> Gustavo
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 

----------------------------------------------------------------------------
"First, they ignore you. Then they laugh
at you. Then they fight you. Then you
win." - Mahatma Ghandi

In a world without walls and fences, who needs windows and gates?

Alex West
A&M Communications - Tech Guru
BioControl Technology Inc., MIS Administrator
kill-9 at warbeast.com | kill-9 at ipost.net
WebPage -> www.warbeast.com/~kill-9
Visit Third Eye Digital Productions - http://www.indiana-emall.com/thirdeye
Check out my band and FREE music at ***  www.mp3.com/snowpants  ***
----------------------------------------------------------------------------

More information about the samba mailing list