[Samba] Changing ACLs as administrator
Buchan Milne
bgmilne at cae.co.za
Fri Jul 26 08:30:03 GMT 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
| Message: 3
| Date: Thu, 25 Jul 2002 11:35:49 -0700
| From: Rob Helmer <robert at namodn.com>
| To: samba at lists.samba.org
| Organization: Namodn Artists - http://www.namodn.com
| Subject: [Samba] Changing ACLs as administrator
|
| Hello,
|
|
| While the interesting discussion on POSIX ACLs vs. NT ACLs has
| been going on, I've been trying ( unsuccessfully ) from a Windows
| box logged in as DOMAIN\Administrator change ACLs on a file
| owned by a user.
|
| I just get "Access denied" every time I attempt it.
|
| I have tried setting in the smb.conf :
|
| --
| domain admin group = DOMAIN+Domain Admins
Well, firstly you probably need something like this
domain admin group = @"DOMAIN+Domain Admins"
But, you should read the man page on this option, since this actually
affects which users are seen by the windows members of a samba
controlled domain to have admin rights, only on the windows machines.
| --
|
| and
|
| --
| domain admin group = DOMAIN+Administrator
| --
|
| but I still don't seem to have this access.
|
| Is there something I am missing?
|
| Any pointers would be great :) I want to let designated domain admins
| change ACLs, since NT ACL's "Take Ownership" doesn't seem to be possible
| with the current POSIX ACL/Samba combination.
You're probably looking for something more like:
admin users = @"DOMAIN+Domain Admins"
this should be applied carefully, and on a share-by-share basis, and I
am not sure if it will do what you want (allow you to change ownership),
but it will let you delete anything!
no need for messy hidden shares (which is a secutiy nightmare, unless it
protected somehow).
Buchan
- --
|----------------Registered Linux User #182071-----------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE9QWqjrJK6UGDSBKcRApzpAJ9IR+jcRNhBuLZBIb62bpni3SCW2wCcDKPf
lNJl6ucrV6Nw7R/i4/k1V/Y=
=Kclx
-----END PGP SIGNATURE-----
More information about the samba
mailing list