Setting ACLs via Windows client
David Brodbeck
DavidB at mail.interclean.com
Wed Sep 19 06:35:04 GMT 2001
What version of Samba are you using? It doesn't work for me from NT4, with
Samba 2.2.1a, even on files I own. No error message appears, but when you
check the permissions again they're unchanged. I get the following error in
the log:
[2001/09/19 09:33:22, 0] smbd/posix_acls.c:create_canon_ace_lists(747)
create_canon_ace_lists: unable to map SID S-1-5-21-86195882-1589917278-758854815-1203 to uid or gid.
I'm wondering if this is a problem with my winbindd configuration, since I'm
using Samba and winbindd from different branches. If it is, it'll probably
correct itself when I upgrade to 2.2.2.
-----Original Message-----
From: Anthony J. Breeds-Taurima [mailto:tony at cantech.net.au]
Sent: Tuesday, September 18, 2001 11:38 PM
To: Michels, Gustavo [EES/BR]
Cc: samba at lists.samba.org
Subject: Re: Setting ACLs via Windows client
On Mon, 17 Sep 2001, Michels, Gustavo [EES/BR] wrote:
> A little question about ACLs; my test server is set up with XFS and has
> support for ACLs. I have built the latest samba cvs source with acl support
> and as far as I can see from the configure results, acls were detected and
> were compiled.
<snip>
> Can anyone help me or tell me where I can find more detailed documentation
> on setting ACLs for Samba?
Okay, I'm not certain I understand your environment completely BUT I am
fully able to set the ACLs on files (and dirs) from NT4.0/Win2k from the owner
account. i.e. it isn't enough to have write access to the file; you must be the
owner.
Try this:
Share /tmp via Samba (only temporarily; this is generally a bad idea).
[root@router /tmp]# touch acledfile
[root@router /tmp]# chown DOMAIN+USER1:DOMAIN+Domain\ Admins acledfile
[root@router /tmp]# chmod 0660 acledfile
[root@router /tmp]# getfacl acledfile
# file: acledfile
# owner: DOMAIN+USER1
# group: DOMAIN+Domain Admins
user::rw-
group::rw-
group:DOMAIN+Domain Admins:rw-
mask::rw-
other::---
Then from the NT4.0/Win2k machine (logged in as USER) try to modify the
ACLs. It DOES work.
View the ACL:
[root@router /tmp]# getfacl acledfile
# file: acledfile
# owner: DOMAIN+USER1
# group: DOMAIN+Domain Admins
user::rw-
user:DOMAIN+USER3:rwx
group::rw-
group:DOMAIN+Domain Admins:rw-
mask::rw-
other::---
Then just change the owner to a different user; note this is the _only_ change
you make:
[root@router /tmp]# chown DOMAIN+USER2:DOMAIN+Domain\ Admins acledfile
[root@router /tmp]# getfacl acledfile
# file: acledfile
# owner: DOMAIN+USER2
# group: DOMAIN+Domain Admins
user::rw-
user:DOMAIN+USER3:rwx
group::rw-
group:DOMAIN+Domain Admins:rw-
mask::rw-
other::---
Now again on the NT4.0/Win2k workstation try to modify the ACL; it will
fail. This is to be expected.
Does that kinda clarify what you can do with ACLs???
Yours Tony.
/*
* "The significant problems we face cannot be solved at the
* same level of thinking we were at when we created them."
* --Albert Einstein
*/
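
Added example, not part of either message and not Samba's own code: shell helpers for the two checks this thread turns on, whether the account is the owner recorded by getfacl and whether smbd logged a SID it could not map. The function names are hypothetical, and the sample data is copied from the output quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_* values are copied from the
# output quoted in the messages above so the script runs offline.
SAMPLE_ACL='# file: acledfile
# owner: DOMAIN+USER1
# group: DOMAIN+Domain Admins
user::rw-
user:DOMAIN+USER3:rwx
group::rw-
group:DOMAIN+Domain Admins:rw-
mask::rw-
other::---'
SAMPLE_LOG='[2001/09/19 09:33:22, 0] smbd/posix_acls.c:create_canon_ace_lists(747)
create_canon_ace_lists: unable to map SID
S-1-5-21-86195882-1589917278-758854815-1203 to uid or gid.'

# Print the owner recorded in getfacl output read from stdin.
acl_owner() {
    sed -n 's/^# owner: //p' | head -n 1
}

# Exit 0 only if user $1 owns the file described by getfacl output $2.
# Per the thread, write access alone is not enough to change the ACL.
is_acl_owner() {
    [ "$(printf '%s\n' "$2" | acl_owner)" = "$1" ]
}

# Print named user/group entries from stdin; compare the result before and
# after a change made from the Windows client to confirm it actually landed.
named_entries() {
    grep -E '^(user|group):[^:]+:' | sort
}

# Print each SID smbd could not map. The SID may sit on the same line as the
# message or be wrapped onto the next one, as in the log quoted above.
unmapped_sids() {
    awk '
        /unable to map SID/ { want = NR + 1 }
        NR <= want {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^S-1-[0-9]+(-[0-9]+)+$/) { print $i; want = 0; break }
        }' | sort -u
}

# Demo on the sample data.
printf 'owner: %s\n' "$(printf '%s\n' "$SAMPLE_ACL" | acl_owner)"
printf '%s\n' "$SAMPLE_ACL" | named_entries
printf '%s\n' "$SAMPLE_LOG" | unmapped_sids
```

On a live server, feed acl_owner and named_entries from getfacl and unmapped_sids from the smbd log file instead of the sample variables.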