Setting ACLs via Windows client
Charles Marcus
CharlesM at Media-Brokers.com
Wed Sep 19 15:24:03 GMT 2001
Hi Anthony...
I'm gonna be experimenting with XFS and Samba in the next few weeks, and
wanted to confirm something...
I presume that if the 'user' in question was a member of the root group,
they could change any/all ACLs?
Thanks
charles
-----Original Message-----
From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org] On Behalf Of Anthony J. Breeds-Taurima
Sent: Tuesday, September 18, 2001 11:38 PM
To: Michels, Gustavo [EES/BR]
Cc: samba at lists.samba.org
Subject: Re: Setting ACLs via Windows client
On Mon, 17 Sep 2001, Michels, Gustavo [EES/BR] wrote:
> A little question about ACLs; my test server is set up with XFS and has
> support for ACLs. I have built the latest samba cvs source with acl support
> and as far as I can see from the configure results, acls were detected and
> were compiled.
<snip>
> Can anyone help me or tell me where I can find more detailed documentation
> on setting ACLs for Samba?
Okay, I'm not certain I understand your environment completely BUT I am
fully able to set the ACLs on files (and dirs) from NT4.0/Win2k from the
owner account, i.e. it isn't enough to have write access to the file; you
must be the owner.
Try this:
share /tmp via samba (only temporarily; this is generally a bad idea).
[root at router /tmp]# touch acledfile
[root at router /tmp]# chown DOMAIN+USER1:DOMAIN+Domain\ Admins acledfile
[root at router /tmp]# chmod 0660 acledfile
[root at router /tmp]# getfacl acledfile
# file: acledfile
# owner: DOMAIN+USER1
# group: DOMAIN+Domain Admins
user::rw-
group::rw-
group:DOMAIN+Domain Admins:rw-
mask::rw-
other::---
Then from the NT4.0/Win2k machine (logged in as USER) try to modify the
ACLs. It DOES work.
View the ACL,
[root at router /tmp]# getfacl acledfile
# file: acledfile
# owner: DOMAIN+USER1
# group: DOMAIN+Domain Admins
user::rw-
user:DOMAIN+USER3:rwx
group::rw-
group:DOMAIN+Domain Admins:rw-
mask::rw-
other::---
Then just change the owner to a different user; note this is the _only_
change you make:
[root at router /tmp]# chown DOMAIN+USER2:DOMAIN+Domain\ Admins acledfile
[root at router /tmp]# getfacl acledfile
# file: acledfile
# owner: DOMAIN+USER2
# group: DOMAIN+Domain Admins
user::rw-
user:DOMAIN+USER3:rwx
group::rw-
group:DOMAIN+Domain Admins:rw-
mask::rw-
other::---
Now again on the NT4.0/Win2k workstation try to modify the ACL; it will
fail. This is to be expected.
Does that kinda clarify what you can do with ACLs?
Yours Tony.
/*
* "The significant problems we face cannot be solved at the
* same level of thinking we were at when we created them."
* --Albert Einstein
*/
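Added example (not part of the original thread): the rule described above, that write access is not enough and only the owner can change the ACL, modelled in Python over the getfacl output from the message. The function names are illustrative, the sample text is constructed from the listing above, and root/CAP_FOWNER is not modelled.

```python
# Constructed from the getfacl output in the message above (owner is USER1).
GETFACL = """\
# file: acledfile
# owner: DOMAIN+USER1
# group: DOMAIN+Domain Admins
user::rw-
user:DOMAIN+USER3:rwx
group::rw-
group:DOMAIN+Domain Admins:rw-
mask::rw-
other::---
"""

def parse_getfacl(text):
    """Return {'owner', 'group', 'entries': [(tag, qualifier, perms)]}."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            tag, qualifier, perms = line.split(":", 2)
            acl["entries"].append((tag, qualifier, set(perms[:3]) - {"-"}))
    return acl

def allowed(acl, user, groups, want):
    """POSIX ACL access check: does `user` get every permission in `want`?"""
    def find(tag, q=""):
        return [p for t, n, p in acl["entries"] if t == tag and n == q]
    want = set(want)
    mask = (find("mask") or [set("rwx")])[0]
    if user == acl["owner"]:
        return want <= find("user")[0]          # owner entry, mask not applied
    if find("user", user):
        return want <= (find("user", user)[0] & mask)
    group_perms = [p for g in groups for p in find("group", g)]
    if acl["group"] in groups:
        group_perms += find("group")
    if group_perms:                              # at least one group entry matched
        return any(want <= (p & mask) for p in group_perms)
    return want <= find("other")[0]

def can_change_acl(acl, user):
    """Only the file owner may rewrite the ACL (root/CAP_FOWNER not modelled)."""
    return user == acl["owner"]
```

The mask::rw- entry caps the user:DOMAIN+USER3:rwx entry at rw-, so USER3 can write the file but gets neither execute nor the right to change the ACL.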