[Samba] Error changing ACL when not the owner of the file...
S. J. van Harmelen
sander.vanharmelen at isp.solcon.nl
Thu Jun 8 07:42:13 GMT 2006
Hi there folks,
I hope someone will take a minute to help me out...
We succesfully joined Samba 3.0.22 (on Debian using the .deb's from
samba.org) to our W2K3 ADS domain. We done all the steps needed to get
ACL's to work (compiled the kernel and mounted with ACl support) and all
seems to be working great.
What goes wrong is that when a user creates a file, the Admin can't
change the ACL but get's a access denied error. After searching and
reading a lot we found that we might needed to give the Admin the
SeDiskOperatorPrivilege. So set 'enable privileges = yes' in the
smb.conf and assigned the privilege. When checking (net rpc rights list
accounts -U Administrator) the privilege seems to be assigned, but we
still keep getting the access denied...
Anyone has a pointer or a tip we can work with? Thanks in advance...
======================================================================
[global]
security = ads
password server = srv-solcon-01
encrypt passwords = true
workgroup = solcon
realm = SOLCON.LOCAL
netbios name = testbak
log file = /var/log/samba/samba.log
log level = 2
syslog = 0
enable privileges = yes
dos filemode = yes
nt acl support = yes
map acl inherit = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = yes
[testdir]
comment = testdir
path = /usr/home/testdir
read only = no
browsable = yes
writable = yes
dos filemode = yes
map archive = yes
map hidden = yes
map system = yes
inherit permissions = yes
veto oplock files = /*.mdb/*.MDB/
create mask = 0770
force create mode = 0440
directory mask = 0771
force directory mode = 0771
security mask = 0777
force security mode = 0440
directory security mask = 0777
force directory security mode = 0771
======================================================================
Kind regards,
Sander
More information about the samba
mailing list