[Samba] Setting up Profiles share... 777?!

Marco Gaiarin gaio at lilliput.linux.it
Wed Nov 29 16:45:16 UTC 2023 

Mandi! Rowland Penny via samba
  In chel di` si favelave...

>>       acl_xattr:default acl style = windows
>>       acl_xattr:ignore system acls = yes
> Why have you added those two last lines ?

Ahem, really you need an answer?! ;-)

I don't remember... ;-(((


>> What i'm missing?! Thanks.
> Well, because you have added this line:
> acl_xattr:ignore system acls = yes

          If acl_xattr:ignore system acls is set to yes, the following additional settings will be enforced:
                  ???   create mask = 0666
                  ???   directory mask = 0777

RTFM, indeed...

Sorry for the noise...


> You can read these on Linux with:
> sudo samba-tool ntacl get /srv/samba/profiles --as-sddl

I've not understood why you as me this, but, anyway:

 root at vdmacpn1:~# samba-tool ntacl get /srv/samba/profiles --as-sddl
 O:S-1-5-21-2656668478-4232595426-3015587126-1106G:S-1-5-21-2656668478-4232595426-3015587126-1104D:P(A;;0x001f01ff;;;S-1-5-21-2656668478-4232595426-3015587126-1106)(A;;0x001f01ff;;;S-1-5-21-2656668478-4232595426-3015587126-1104)(A;;0x001200a9;;;WD)


Ah! I remember because i've set 'acl_xattr:ignore system acls = yes': simply
profile folders creation does not worked, and i've fiddled a bit.

If i can read well the wiki, the permission needed are:
 + full control to everyone for the share permission
 + in the folder permission:
   - special permission to create (and access) the folders to Domain Users
   - full control to SYSTEM, CREATOR OWNER and Domain Admins.

But still plain POSIX (ugo) permissione have to permit access to the folder,
right? So i need to do:

	chown <whatever>:'Domain Users' /srv/samba/profiles
	chmod 770 /srv/samba/profiles

Right? If yes, it missed from the wiki... at least from:

	https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles#Using_Windows_ACLs

probably reading:

	https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

can give some hints, but...

-- 
  Software patents are like smoke: «it started with an experiment to improve
  health. It tasted quite good and it soon became a fashion statement. But
  today smoking kills not only those who smoke but also those who breathe
  nearby.»						(Marten Mickos)

More information about the samba mailing list