[Samba] Samba 2.2.8a - winbind do I need ACL for letting users change their file permissions?

Buchan Milne bgmilne at obsidian.co.za
Tue May 11 11:36:39 GMT 2004 

On Tue, 11 May 2004, Stefano Ciccarelli wrote:

> Hi,
> 
> I have a working installation of Samba 2.2.8a on Mandrake 9.2 - kernel
> 2.4.20 connected to a Win NT 4.0 sp6 via pam/winbind.
>  

IIRC, Mandrake 9.2 shipped with a 2.4.22 kernel? If you'vekep up with 
updates, you should be running 2.4.22-30mdk.

> 
> Everything works fine except that I cannot give the NT user "administrator"
> administrative rights on samba and users cannot change samba file
> permissions from Win2k/WinXP
> 

You could use the "admin users" per-share parameter to give someusers 
"root" access.

>  
> 
> Here follows my smb.conf
> 
>  
> 
> # Samba config file created using SWAT
> 
> # from 0.0.0.0 (0.0.0.0)
> 
> # Date: 2004/04/28 11:35:22
> 


Hmm, another SWAT-mangled smb.conf. Please look at the provided example 
winbind samba configuration file, /etc/samba/smb-winbind.conf for some 
examplesfor use with winbind.

>  
> 
> # Global parameters
> 
> [global]
> 
>             workgroup = DOMAIN
> 
>             netbios name = SAMBA
> 
>             server string = Samba Server %v
> 
>             security = DOMAIN
> 
>             encrypt passwords = Yes
> 
>             obey pam restrictions = Yes
> 
>             password server = *
> 
>             log file = /var/log/samba/log.%m
> 
>             max log size = 50
> 
>             socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> 
>             character set = ISO8859-15
> 
>             os level = 18
> 
>             local master = No
> 
>             dns proxy = No
> 
>             winbind uid = 10000-20000
> 
>             winbind gid = 10000-20000
> 
>             template homedir = /users/%D/home/%U
> 
>             template shell = /bin/bash
> 
>             winbind separator = /
> 
>             winbind use default domain = Yes
> 
>             path = /home
> 
>             admin users = Administrator
> 
>  
> 
> [homes]
> 
>             path = /users/DOMAIN/home
> 
>             read only = No
> 
>             create mask = 0600
> 
>             directory mask = 0700
> 
>             browseable = No
> 
>             wide links = No
> 
>  

This share definition is broken. The homes share is special. Please take a 
look at the one in the example.

> 
> [felles]
> 
>             path = /users/DOMAIN/felles
> 
>         read only = No
> 
>             valid users = @"Domain Users", at Domain_Ansatte,@"Domain
> Admins"
> 
>             force create mode = 0775
> 
>             force directory mode = 0775
> 
>  
> 
>  
> 
> I was wondering if there is a simple solution to this problem or if I have
> to apply the ACL patch to kernel 2.4.20  


IIRC, the 9.2 kernels should have ACL support already (at least on 
ext2/ext3), 9.1 had support for ACLs on XFS/ext2/ext3, 9.0 had support on 
XFS, and 8.2 had support on XFS. But, if permissions aren't working (users 
should be able to modify the permissions of files they own), then ACLs 
won't help you much (as only the owner or root can change ACLs).

Of course, also ensure that your permissions changes aren't being 
prevented by your share definitions.

Regards,
Buchan

More information about the samba mailing list