[Samba] Computer Management - Share Security - No Read Access

Marco Shmerykowsky marco at sce-engineers.com
Tue Feb 19 22:13:10 UTC 2019 

>> On 2019-02-19 4:22 pm, Rowland Penny via samba wrote:
>> > On Tue, 19 Feb 2019 16:13:27 -0500
>> > Marco Shmerykowsky <marco at sce-engineers.com> wrote:
>> >
>> >>
>> >> On 2019-02-19 3:47 pm, Rowland Penny via samba wrote:
>> >> > On Tue, 19 Feb 2019 15:25:51 -0500
>> >>
>> >> >> What exactly does "START AGAIN" imply? Just chmod?
>> >> >
>> >> > 'ls' shows the correct ownership and Unix permissions:
>> >> >
>> >> > drwxrwx---+  4 root          domain admins 4096 Feb 17 19:13
>> >> > programs
>> >> >
>> >> > But 'getfacl' show something different:
>> >> >
>> >> > getfacl: Removing leading '/' from absolute path names
>> >> > # file: server
>> >> > # owner: root
>> >> > # group: root
>> >> > user::rwx
>> >> > group::r-x
>> >> > other::r-x
>> >> >
>> >> > So what I am suggesting is that you use 'setfacl' to remove the
>> >> > extended ACL's, it is the only thing I can see different between
>> >> > my working system and your non-working system
>> >> >
>> >> > Rowland
>> >>
>> >> root at machine253:/server# setfacl -b /server/users
>> >>
>> >> root at machine253:/server# chmod 0770 /server/programs
>> >> root at machine253:/server# ls -l
>> >> total 20
>> >> drwxrwx--- 4 root          domain admins 4096 Feb 17 19:13 programs
>> >>
>> >>
>> >> root at machine253:/server# getfacl /server/programs
>> >> getfacl: Removing leading '/' from absolute path names
>> >> # file: server/programs
>> >> # owner: root
>> >> # group: domain\040admins
>> >> user::rwx
>> >> group::rwx
>> >> other::---
>> >>
>> >> No Change
>> >
>> > When you say 'No Change' I take it you mean that it is still not
>> > working from Windows, because there is a change on the Unix side,
>> > 'Domain Admins' now has the required Unix permissions.
>> 
>> Correct.  In Computer Manager I can not access anything on the
>> share except for the share permissions.
>> 
>> I've also been trying to create "user directory" using %LogonUser%
>> via a group profile.  That deosn't seem to be working, but I don't
>> know if it's related.
>> >
>> > One other thing, I cannot remember asking if Apparmor or Selinux is
>> > installed and enabled.
>> >
>> > Rowland
>> 
>> I tried sestatus and apparmor_status and bith returned 'command not
>> found'
>> so I assume they're not running.  I installed Debian 9 from the LiveCD
>> with the cinnamon desktop.
> 
> OK, it is late here, but just in case something has changed, I will set
> up a new Debian 9 VM tommorrow, install the distro Samba Packages and
> follow the Samba wiki page.
> 
> Can you confirm that you are using Samba from Debian 9.
> You seem to be using '/server' as the shared directory, is this
> correct ?
> What Windows version are you using ? (I know you may have already said,
> but it saves me looking it up)
> 
> Rowland

Debian 9 -> uname -r -> 4.9.0-8-686

This is the iso I used: 
https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-9.8.0-amd64-cinnamon.iso

Windows 10 (version 1803)

The file directory for the various shares is '/server'

More information about the samba mailing list