[Samba] XP Administrator has no access to shares
steve
steve at steve-ss.com
Tue Aug 21 02:32:56 MDT 2012
On 20/08/12 21:17, Gémes Géza wrote:
> 2012-08-20 11:09 keltezéssel, steve írta:
>> On 20/08/12 10:45, steve wrote:
>>> On 20/08/12 09:42, Gémes Géza wrote:
>>>
>>> setfacl -R -m u:Administrator:rwx,d:u:Administrator:rwx /home2/home
>>
>> Hi Géza
>> Sorry to be a pain but there is a slight problem with the acl
>>
>> All folders under /home2/home now have e.g.:
>> drwxrwxr-w+ 20 steve2 domain users
>>
>> and files have:
>> -rw-rwx---+ steve2 domain users
>>
>> which means somehow, group rw has been set for everything:
>>
>> steve at hh32:/home2> getfacl home
>> # file: home
>> # owner: root
>> # group: root
>> user::rwx
>> user:administrator:rwx
>> group::r-x
>> mask::rwx
>> other::r-x
>> default:user::rwx
>> default:user:administrator:rwx
>> default:group::r-x
>> default:mask::rwx
>> default:other::r-x
>>
>> Is there a way to correct this?
>> Cheers,
>> Steve
>>
>>
> Hi
>
> If I understand your problem you didn't like the fact that the group
> domain users have write and read rights, isn't it?
>
> You can change those rights with setfacl for example.
>
> Regards
>
> Geza Gemes
Hi Géza
Actually this works. It denies group rw access _even though_ in a file
listing with ls -l files show as:
Set the acl like you suggested:
setfacl -R -m u:Administrator:rwx,d:u:Administrator:rwx /home2/home
Files now appear like this:
-rwxrwx--x+
It looks as though they are group rw
but in actual fact, they behave like this:
-rwxr-x--x
Conclusion: Don't believe what the file listing shows. It doesn't seeem
to be wysiwyg. The only way you can really see access rights is to do a
getfacl.
Does that seem OK? Does anyone else observe this?
Cheers,
Steve
More information about the samba
mailing list