[Samba] Changing ACLs as administrator
Konkol, Josh
JKonkol at guidemail.com
Mon Jul 29 10:16:03 GMT 2002
But that means everything you do will be as root. All new files will belong
to root and not those users.
Right ??
Josh
> -----Original Message-----
> From: Rob Helmer [mailto:robert at namodn.com]
> Sent: Friday, July 26, 2002 4:10 PM
> To: sspitzner at planalytics.com; samba at lists.samba.org
> Subject: Re: [Samba] Changing ACLs as administrator
>
>
> Hello,
>
>
> I hope you don't mind that I am CC:'ing the list.
>
> I used the "username map" directive to point to a username map file in
> smb.conf :
>
> --
> username map = /usr/local/samba/private/username.map
> --
>
> My /usr/local/samba/private/username.map looks like this :
>
> --
> root = @"DOMAIN+Domain Admins"
> --
>
> Seems to work for my purposes :)
>
> My smbd/nmbd are currently on 2.2.2 ( winbind is 2.2.3a, because
> of the memory leak issue in previous versions ).
>
>
>
> Thanks,
> Rob
>
>
>
> On Fri, Jul 26, 2002 at 02:19:34PM -0400,
> sspitzner at planalytics.com wrote:
> >
> >
> > Could you please tell me how to map the root user? According to the
> > documentation I have
> > seen, the domain admin group directive is no longer valid
> in 2.2.5. Obviously, I
> > have missed
> > something.
> >
> > TIA
> > Sam
> >
> >
> >
> >
> > Rob Helmer <robert at namodn.com> on 07/26/2002 02:09:06 PM
> >
> >
> >
> >
> > To: samba at lists.samba.org
> > cc: (bcc: Samuel K Spitzner/Planalytics)
> >
> > Subject: Re: [Samba] Changing ACLs as administrator
> >
> >
> >
> >
> > Hello Buchan
> >
> >
> > Thank you very much for your reply.
> >
> > The "domain admin" setting in Samba doesn't seem to allow one to
> > change ACLs or take ownership, but I experimented with the info
> > in the email you sent and mapped the root user to
> @"DOMAIN+Domain Admins"
> > and now all Domain Admins are able to take ownership and/or
> change ACLs
> > from their Windows boxes.
> >
> >
> >
> > Thanks,
> > Rob
> >
> >
> > On Fri, Jul 26, 2002 at 05:28:35PM +0200, Buchan Milne wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > | Message: 3
> > > | Date: Thu, 25 Jul 2002 11:35:49 -0700
> > > | From: Rob Helmer <robert at namodn.com>
> > > | To: samba at lists.samba.org
> > > | Organization: Namodn Artists - http://www.namodn.com
> > > | Subject: [Samba] Changing ACLs as administrator
> > > |
> > > | Hello,
> > > |
> > > |
> > > | While the interesting discussion on POSIX ACLs vs. NT ACLs has
> > > | been going on, I've been trying ( unsuccessfully ) from
> a Windows
> > > | box logged in as DOMAIN\Administrator change ACLs on a file
> > > | owned by a user.
> > > |
> > > | I just get "Access denied" every time I attempt it.
> > > |
> > > | I have tried setting in the smb.conf :
> > > |
> > > | --
> > > | domain admin group = DOMAIN+Domain Admins
> > >
> > > Well, firstly you probably need something like this
> > >
> > > domain admin group = @"DOMAIN+Domain Admins"
> > >
> > > But, you should read the man page on this option, since
> this actually
> > > affects which users are seen by the windows members of a samba
> > > controlled domain to have admin rights, only on the
> windows machines.
> > >
> > > | --
> > > |
> > > | and
> > > |
> > > | --
> > > | domain admin group = DOMAIN+Administrator
> > > | --
> > > |
> > > | but I still don't seem to have this access.
> > > |
> > > | Is there something I am missing?
> > > |
> > > | Any pointers would be great :) I want to let designated
> domain admins
> > > | change ACLs, since NT ACL's "Take Ownership" doesn't
> seem to be possible
> > > | with the current POSIX ACL/Samba combination.
> > >
> > > You're probably looking for something more like:
> > >
> > > admin users = @"DOMAIN+Domain Admins"
> > >
> > > this should be applied carefully, and on a share-by-share
> basis, and I
> > > am not sure if it will do what you want (allow you to
> change ownership),
> > > but it will let you delete anything!
> > >
> > > no need for messy hidden shares (which is a secutiy
> nightmare, unless it
> > > protected somehow).
> > >
> > > Buchan
> > >
> > > - --
> > > |----------------Registered Linux User #182071-----------------|
> > > Buchan Milne Mechanical Engineer, Network Manager
> > > Cellphone * Work +27 82 472 2231 * +27 21 8828820x121
> > > Stellenbosch Automotive Engineering http://www.cae.co.za
> > > GPG Key http://ranger.dnsalias.com/bgmilne.asc
> > > 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.0.7 (GNU/Linux)
> > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> > >
> > > iD8DBQE9QWqjrJK6UGDSBKcRApzpAJ9IR+jcRNhBuLZBIb62bpni3SCW2wCcDKPf
> > > lNJl6ucrV6Nw7R/i4/k1V/Y=
> > > =Kclx
> > > -----END PGP SIGNATURE-----
> > >
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: http://lists.samba.org/mailman/listinfo/samba
> > >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: http://lists.samba.org/mailman/listinfo/samba
> >
> >
> >
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list