[Samba] using the DC as a file Server in AD
Mike
1100100 at gmail.com
Thu Jun 11 06:10:28 MDT 2015
On Thu, Jun 11, 2015 at 5:01 AM, Klaus Hartnegg <hartnegg at uni-freiburg.de>
wrote:
> Am 10.06.2015 um 03:25 schrieb Mike:
>
>> I'm learning to be very deliberate with changing posix and windows acl's
>> so
>> I don't disturb users' access to files and folders.
>> I check acl's on a specific file/folder on the server with getfacl.
>> Then make one small acl modification to one file in a sub-directory of a
>> share.
>> Then record the difference reported by getfacl again.
>> Then will access the same file from Windows RSAT console as the Domain
>> Admin and note the permissions indicated on the Security tab.
>>
>
> If you use acl_xattr (default in AD mode) and change permissions in Linux,
> this will reset all permissions that were previously set from Windows. Use
> either setfacl or the security tab, but do not mix them.
>
>
Hi Klaus,
Your point is well received. I had a problem trying to effect permissions
changes using windows acls. The only way I found towards a solution was to
go back and forth between windows "Domain Users" and "User" accounts, and
linux getfacl/setfacl changes to the same file......seeing the effect of
the changes between the two. It's how I figured out that acl's for windows
"Domain Users" consistently translates to linux acl's "group:users", etc.
You have to play with both to understand all the parts, but carefully.
More information about the samba
mailing list