samba4 - acces to shared directory by groups permissions don't work

Andrew Bartlett abartlet at samba.org
Tue Mar 31 05:39:31 GMT 2009


On Fri, 2009-03-27 at 13:02 +0100, Justo Alonso wrote:
> Hi !
>     I'm trying to configure a shared directory and set permissions by
> groups, but doesn't work.
> 
>     On windows, I set write access to "Domain Users" and the user of
> the domain can't write on the directory. The unix group is created
> with the same name.
> 
>     I read about "unixname" and map domain to unix group with swat,
> but I don't known how make it (swat don't work on samba4 > alpha3,
> isn't it?)
> 
>     How do I have to define permissions in Windows and Unix to make it work?

Tridge defines this as the 'minimal' mapping.  Ie, there is none (pretty
much :-)

Files will be created as the UID that Samba determines for that new user
(stored in it's IDMAP, and unrelated to any existing user).  Users
access to those files will be restricted by the intersection of both the
posix mode (user group other) any posix ACL and the windows ACL applied
to the file.  Only the windows ACL will be visible from the client, and
only the windows ACL can be changed.

Yes, this sucks, and we need someone to work on porting in a mapping
from Posix ACLs to NT ACLs from Samba3.  (We support a mapping on NFSv4
ACLs, but no linux distribution ships with that enabled). 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20090331/0a5a69a9/attachment.bin


More information about the samba-technical mailing list