[Samba] urgent problem with samba 4.13 and chown/chgrp
L.P.H. van Belle
belle at bazuin.nl
Thu Feb 11 10:34:47 UTC 2021
Well, good question, i dont have that enabled in my smb.conf at all.
maybe, nfs4-acl-tools is not installed also.
i do notice one difference, i dont change the primary group "domain users"
and i dont recommend others todo so, yes,
its a switch to "not use chmod/chown/chgrp" i use setfacl getfacl.
but a quick check..
Logged in with a linux user, ( my linuxAdmin for the servers )
chgrp TestGroup somefile.test
chgrp: changing group of 'somefile.test': Operation not permitted
someuserl at dc0:~$ sudo chgrp TestGroup somefile.test
[sudo] password for someuserl:
works fine with sudo
Then logged in on other server, automounted nfs4.1 kerberos authed homedir,
using SSO from windows.
chgrp "users" 'SomeFile.tar.gz' -v
chgrp: changing group of 'SomeFile.tar.gz': Operation not permitted
failed to change group of 'SomeFile.tar.gz' from domain users to users
sudo chgrp "users" 'SomeFile.tar.gz' -v
changed group of 'SomeFile.tar.gz' from domain users to users
chgrp "domain users" 'SomeFile.tar.gz' -v
changed group of 'SomeFile.tar.gz' from users to domain users
so, without sudo you can not change to a "linux" group.
but you can change from a linux group to and AD-group (if it had GID) without sudo.
i hope it helps the topic poster.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland penny via
> samba
> Verzonden: donderdag 11 februari 2021 11:02
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] urgent problem with samba 4.13 and chown/chgrp
>
> On 11/02/2021 09:47, L.P.H. van Belle via samba wrote:
> > Besides your problem.
> >
> >>>> idmap config EECSYORKUCA : range = 1000-999999
> > now, ONLY if you didnt create a first user on linux, your ok here.
> > normaly we do recommend to use/start higher.
> >
> > You should not use overlapping ID's.
> >
> > see also :
> > cat /etc/addusers.conf
> >
> > start there, at least verify you dont have any users in the assigned
> range for samba
>
>
> Hi Louis, you know more about nfs than I do (I don't use it), but
> doesn't NFSv3 use Linux acls and NFSv4 use NFSv4_ACLs and if so,
> wouldn't the OP require the vfs object nfs4acl_xattr in smb.conf ?
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list