One more Time.

David Brodbeck DavidB at
Fri Nov 2 13:09:02 GMT 2001

I think Samba will only let you change the access rights on a file if you
either own it, or are the root user.  Just having 'full control' rights to
the file is not enough.

-----Original Message-----
From: Ed Mann [mailto:ed.mann at]
Sent: Friday, November 02, 2001 4:05 PM
To: samba at
Subject: One more Time.

Okay, all i want is it does not work, or it does work and you are doing
something wrong.

I have my samba server setup and running 2.2.2 with
linux-2.2.5_SGI_XFS_1.0.1. I am also using winbind, and it is great. If
I can get this last bit to work I will upgrade allot of my servers.

1. I create a folder on the samba server and make the Domain
Administrator owner and Domain Admins the group. Both groups have full
control over this directory. 3776 is what the directory is set to.
2. Log into NT machine as Administrator and check the ACL's one the
file. Just the basic ones. So I go and add some groups and users to the
file. All works well. Cool! ( I really do like this).
3. Log out of NT machine and back in as user Ed. Now Ed is in Domain
Admins group and should be able to change rights on the folder. So I go
look at the ACL's for the folder and I can see the changes that I made
as Administrator. So I click on remove to get a few users out and click
ok, but an error will return telling me Access Denied! Do you wish to

So my question is what am I doing wrong here?

I have attached my smb.conf file for you viewing pleasure.


# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = CDC
   nt acl support = yes
   netbios name = storm
   server string = Samba Server
   security = DOMAIN
   encrypt passwords = TRUE
   update encrypted = TRUE 
   password server = CDC-NT 
   inherit permissions = Yes
   domain admin group = @CDC+Domain\ Admins
   preferred master = no
   local master = no
   log file = /var/log/samba/log.%m
   max log size = 50
   announce version = 7.0
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   dns proxy = No
   bind interfaces only = yes
   interfaces =
   create mode = yes
   winbind uid = 10000-20000
   winbind gid = 10000-20000
   winbind separator = +

#============================ Share Definitions
   comment = Home Directories
   browseable = no
   writable = yes

   comment = All Printers
   path = /var/spool/samba
   browseable = no
   guest ok = no
   writable = no
   printable = yes

# access to the directory.
   comment = Software Service
   path = /data/
   public = yes
   writable = yes
   printable = no
   inherit permissions = Yes

Just someone talk to me!

To unsubscribe from this list go to the following URL and read the

More information about the samba mailing list