Can you remove ntacls from the command line?
Matthieu Patou
mat at samba.org
Sat Nov 20 03:30:05 MST 2010
Hi Mike,
"allaboutmike" <mike at aacomp.com.au> a écrit :
>
>I have some permissions problems and I would like to start from
>scratch. Is
>there a way I can remove all (windows) permissions on my folders from
>the
>command line? They don't seem to have any extended attributes:
>bcmain samba # getfattr -d /data/accounts
>bcmain samba #
>
>However Samba thinks they have plenty of acl info if I am reading this
>right:
>
>bcmain samba # ./bin/samba-tool acl nt get --xattr-backend=native
>/data/accounts/
>file: struct xattr_NTACL
> version : 0x0001 (1)
> info : union xattr_NTACL_Info(case 1)
> sd : *
> sd: struct security_descriptor
> revision : SECURITY_DESCRIPTOR_REVISION_1 (1)
> type : 0x8004 (32772)
> 0: SEC_DESC_OWNER_DEFAULTED
> 0: SEC_DESC_GROUP_DEFAULTED
> 1: SEC_DESC_DACL_PRESENT
> 0: SEC_DESC_DACL_DEFAULTED
> 0: SEC_DESC_SACL_PRESENT
> 0: SEC_DESC_SACL_DEFAULTED
> 0: SEC_DESC_DACL_TRUSTED
><snip>
>
>Is there a way I can do this?
Try getfattr -d -m "" as we store the acls in a system.NTACLS and it's
not shown by default:
mat at ares:/usr/local/src/samba4/source4$ getfattr -d
/tmp/toto/sysvol/home.matws.net/
mat at ares:/usr/local/src/samba4/source4$ getfattr -d -m ""
/tmp/toto/sysvol/home.matws.net/
getfattr: Removing leading '/' from absolute path names
# file: tmp/toto/sysvol/home.matws.net/
security.NTACL=0sAQABAAAAAgABAASQHAAAADgAAAAAAAAASAAAAAEFAAAAAAAFFQAAAGgTjLqSzLdigjBfB/QBAAABAgAAAAAABSAAAAAgAgAABABgAAQAAAAAAxgA/wEfAAECAAAAAAAFIAAAACACAAAAAxgAqQASAAECAAAAAAAFIAAAACUCAAAAAxQA/wEfAAEBAAAAAAAFEgAAAAADFACpABIAAQEAAAAAAAULAAAA
Then I leave up to you to read the man page of setfattr on how to remove
the extended attribute!
Cheers.
Matthieu.
--
Matthieu Patou
Samba Team http://samba.org
Private repo http://git.samba.org/?p=mat/samba.git;a=summary
More information about the samba-technical
mailing list