[Samba] ACL changes on Samba NT 4.0 Member Server

Hans-Wilhelm Heisinger wheisinger at semcowindows.com
Thu Nov 1 18:17:29 GMT 2007 

John,

    Thank you for the reply. Below is the output from mount and ls -al.  
Yes I can login as CPDOM+admin and create files, but connecting to the 
share as CPDOM+admin doesn't work.

Hans

[root at localhost ~]# mount
/dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/hda1 on /boot type ext3 (rw,acl)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)

[root at localhost ~]# ls -al /files
total 5196
drwxrwxrwx  3 root root    4096 Nov  1 10:17 .
drwxr-xr-x 26 root root    4096 Nov  1 05:25 ..
-rwxrw-rw-  1 root root     413 Feb 24  2006 AS400.WS
-rwxrw-rw-  1 root root     398 Jul 27 14:13 dnsb.txt
-rwxrw-rw-  1 root root 3100432 May 22  2006 Dsclient.exe
drwxrwxrwx  2 root root    4096 Apr  7  2005 Fonts
-rwxrw-rw-  1 root root    1411 Aug 15 08:09 hans.txt
-rwxrw-rw-  1 root root   61440 Sep 14 08:57 IDTag.exe
-rwxrw-rw-  1 root root  262727 Apr 21  2003 keyfinder.exe
-rwxrw-rw-  1 root root   25088 Mar 22  2007 Label6x4 layout with text.doc
-rwxrw-rw-  1 root root   60416 Jun  6 09:41 Label proposal II.xls
-rwxrw-rw-  1 root root   90112 May  9  2006 OfficeTime.exe
-rwxrw-rw-  1 root root     317 Jul  3 07:51 OutputsLisec.txt
-rwxrw-rw-  1 root root  173231 May  4  1999 REPLICA.HLP
-rwxrw-rw-  1 root root    1101 Apr 25  2005 Salesreport.dtf
-rw-rw-rw-  1 root root     481 Nov  1 08:42 smb.conf
-rwxrw-rw-  1 root root   69632 Mar  4  2004 system.mdw
-rwxrw-rw-  1 root root  491008 May 10 13:20 TSClient.doc
-rwxrw-rw-  1 root root  782848 Jun 30  2006 WIP LOCATIONS.xls
-rwxrw-rw-  1 root root    5632 Aug  4  2004 wmi.dll
-rwxrw-rw-  1 root root   16930 May 31  1994 XCOPY.EXE



John Drescher wrote:
> On 11/1/07, Hans-Wilhelm Heisinger <wheisinger at semcowindows.com> wrote:
>   
>> I have a Samba 3.0.24-7 on Fedora 6 as a member of an Windows NT 4.0
>> domain, with a simple share setup with ACLs.  The permissions on the
>> share from Windows XP Pro Security tab shows Everyone, and root (Unix
>> Group\root) without any Permissions.  When trying to add permissions
>> from XP while logged on as CPDOM+admin the error is display "Unable to
>> save permission changes on "share name" on "server name" Access is
>> denied.  Files can be copied to the share but can't be opened.  Below is
>> the smb.conf.  I believe ACLs would work if I add access.  I tried
>> setting the ACLs using setfacl and then the permissions show full
>> control from XP, but I'm still unable to change permissions or open files.
>>
>> [global]
>>
>>     winbind separator = +
>>     idmap uid = 10000-20000
>>     idmap gid = 10000-20000
>>     winbind enum users = yes
>>     winbind enum groups = yes
>>     winbind use default domain = no
>>
>>     security = domain
>>     workgroup = CPDOM
>>     netbios name = FILE_SRV
>>     password server = XSERVER
>>     server string =
>>
>>
>> [data]
>>     comment = FILES
>>     path = /files
>>     guest ok = yes
>>     create mask = 0777
>>     writeable = yes
>>     nt acl support = yes
>>     oplocks = no
>>     browseable = yes
>>     dos filemode = yes
>>     admin users =
>>
>>     
>
> Your smb.conf file looks fine. Can  CPDOM+admin log into the unix
> system and create files? You are mounting your unix filesystem with
> acls enabled? Also can you post an ls -al on /files
>

More information about the samba mailing list