[Samba] Changing ACLs as administrator

Buchan Milne bgmilne at cae.co.za
Fri Jul 26 08:30:03 GMT 2002 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

| Message: 3
| Date: Thu, 25 Jul 2002 11:35:49 -0700
| From: Rob Helmer <robert at namodn.com>
| To: samba at lists.samba.org
| Organization: Namodn Artists - http://www.namodn.com
| Subject: [Samba] Changing ACLs as administrator
|
| Hello,
|
|
| While the interesting discussion on POSIX ACLs vs. NT ACLs has
| been going on, I've been trying ( unsuccessfully ) from a Windows
| box logged in as DOMAIN\Administrator change ACLs on a file
| owned by a user.
|
| I just get "Access denied" every time I attempt it.
|
| I have tried setting in the smb.conf :
|
| --
| domain admin group = DOMAIN+Domain Admins

Well, firstly you probably need something like this

domain admin group = @"DOMAIN+Domain Admins"

But, you should read the man page on this option, since this actually
affects which users are seen by the windows members of a samba
controlled domain to have admin rights, only on the windows machines.

| --
|
| and
|
| --
| domain admin group = DOMAIN+Administrator
| --
|
| but I still don't seem to have this access.
|
| Is there something I am missing?
|
| Any pointers would be great :) I want to let designated domain admins
| change ACLs, since NT ACL's "Take Ownership" doesn't seem to be possible
| with the current POSIX ACL/Samba combination.

You're probably looking for something more like:

admin users = @"DOMAIN+Domain Admins"

this should be applied carefully, and on a share-by-share basis, and I
am not sure if it will do what you want (allow you to change ownership),
but it will let you delete anything!

no need for messy hidden shares (which is a secutiy nightmare, unless it
protected somehow).

Buchan

- --
|----------------Registered Linux User #182071-----------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE9QWqjrJK6UGDSBKcRApzpAJ9IR+jcRNhBuLZBIb62bpni3SCW2wCcDKPf
lNJl6ucrV6Nw7R/i4/k1V/Y=
=Kclx
-----END PGP SIGNATURE-----

More information about the samba mailing list