[Samba] mixing Windows ACL and POSIX ACL shares on one server?
Matjaz Matjaz
matyaz at yahoo.com
Fri Nov 15 01:56:52 UTC 2019
Microsoft Windows [Version 6.1.7600]Copyright (c) 2009 Microsoft Corporation. Vse pravice pridržane.
C:\Users\hp>ping 9.68.67.166
Pinging 9.68.67.166 with 32 bytes of data:Request timed out.Request timed out.Request timed out.Request timed out.
Ping statistics for 9.68.67.166: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\Users\hp>telnet www.example.com 80'telnet' is not recognized as an internal or external command,operable program or batch file.
C:\Users\hp>cd\
C:\>telnet 8.8.8.8 53'telnet' is not recognized as an internal or external command,operable program or batch file.
C:\>cdC:\
C:\>netstat
Active Connections
Proto Local Address Foreign Address State TCP 127.0.0.1:53185 hp-PC:8060 SYN_SENT TCP 192.168.64.100:49230 wl-in-f188:5228 ESTABLISHED TCP 192.168.64.100:50717 edge-star-shv-01-vie1:https ESTABLISHED TCP 192.168.64.100:50977 edge-star-shv-01-vie1:https ESTABLISHED TCP 192.168.64.100:53047 104.244.42.2:https ESTABLISHED TCP 192.168.64.100:53157 104.244.42.2:https ESTABLISHED TCP 192.168.64.100:53158 192.229.233.50:https ESTABLISHED TCP 192.168.64.100:53159 104.244.43.131:https ESTABLISHED TCP 192.168.64.100:53160 192.229.220.133:https ESTABLISHED TCP 192.168.64.100:53164 104.244.42.1:https ESTABLISHED TCP [::1]:2869 hp-PC:53166 TIME_WAIT
C:\>
come on I hit the wall Dne petek, 15. november 2019 00:10:34 GMT+1 je uporabnik Timothy Brewer via samba <samba at lists.samba.org> napisal:
Matthias,
I used setfacl to set POSIX and Ad ACLS. Windows users who are in the
appropriate group can manage perms for both.
Cheers,
Tim
On Thu, Nov 14, 2019 at 3:43 PM Matthias Leopold via samba <
samba at lists.samba.org> wrote:
>
>
> Am 14.11.19 um 23:03 schrieb Jeremy Allison via samba:
> > On Fri, Nov 15, 2019 at 10:51:41AM +1300, Andrew Bartlett via samba
> wrote:
> >> On Thu, 2019-11-14 at 21:45 +0100, Matthias Leopold via samba wrote:
> >>> Hi,
> >>>
> >>> I posted a similar question in 2018 with no answers, so I'll try
> >>> again:
> >>> Is it possible to have shares with Windows ACLs and shares with
> >>> POSIX
> >>> ACLs on the same server (security = user)? Since share permissions
> >>> are
> >>> handled differently for both types of shares I'm not sure if this
> >>> will
> >>> work. I know I could try it out myself, but the question again just
> >>> came
> >>> to my mind and I think there will be clear answer by someone who
> >>> knows.
> >>
> >> Yes, use acl_xattr to store the windows acl if you want that handled
> >> faithfully. The last ACL to be set will win.
> >>
> >> If you set a POSIX ACL then any windows ACL that has been set will be
> >> ignored. If you set a windows ACL on the same file then it will be
> >> translated into posix and also stored.
> >>
> >> So, the idea is that it would 'just work'.
> >
> > Yep, +1 Andrew, that's the way it's meant to work (was
> > designed that way). There might be some tricky corner
> > cases but mostly this is the way most Samba installs
> > use ACLs.
> >
>
> thank you. you are all focusing on ACLs, I'm rather sure they will work,
> my concern is rather management of share permissions. will
> share_info.tdb (Windows ACL share) work alongside with "valid users"
> (POSIX ACL share)?
>
> Matthias
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
--
Tim Brewer
Field Services Tech - ETS FS region 2
Wyoming Department of Enterprise Technology Services
2020 Grand Ave.
Laramie, WY 82070
tim.brewer at wyo.gov
website: ets.wyo.gov
Support: 307-777-5000
Direct Line: 307-343-3183
Ensuring Wyoming has trailblazing technology to meet tomorrows challenges
while delivering the finest in business services today.
--
E-Mail to and from me, in connection with the transaction
of public
business, is subject to the Wyoming Public Records
Act and may be
disclosed to third parties.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list