[Samba] Changing ACLs as administrator
Eddie Lania
e.lania at elton.nl
Tue Jul 30 06:32:06 GMT 2002
Hello all.
Has somebody found a solution yet?
I can't figure it out.
I am beginning to wonder if it might be a bug in Samba?
This is what I have now:
[netlogon]
    comment = Network Logon Service
    path = /home/netlogon
    read only = Yes
    guest ok = Yes
    write list = @"Administrators"
    force group = "+Administrators"
    inherit acls = Yes
    inherit permissions = Yes

[homes]
    path = /home/users/%U
    read only = No
    browseable = No
    inherit acls = Yes
    inherit permissions = Yes

[users]
    comment = Users share
    path = /home/users
    read only = No
    force group = "+Administrators"
    inherit acls = Yes
    inherit permissions = Yes

[profiles]
    comment = User profiles share
    path = /home/profiles
    read only = No
    force group = "+Administrators"
    inherit acls = Yes
    inherit permissions = Yes
    csc policy = disable
-----
All user directories and files in [users] and [profiles] are owned by the
"user", their group has been set to Administrators and user and group
permissions are set to rwx for directories and rw for files.
The world permissions have been set to none because I want only the "user"
or the Administrator equiv to be able to access the directories in the
[users] or the [profiles] share.
When I check the acls and permission from a logged-in Windows XP client
everything looks really good.
No errors.
So far so good......but then:
When a user creates a new file or directory, it should inherit its acl and
permissions from the parent directory, this doesn't work, currently the
owner and group get set to the user itself.
If an Administrator equiv creates a new file or directory, I would like it
to be set to a default acl where the group should be at least
"Administrators" and, if needed, I would like to change the owner later.
With the "force group" parameter set to "+Administrators" this works almost
ok, the groups get set well but I get a "permission denied" when I try to
change the owner of the directory.
In order to be able to succeed in changing the ownership:
I also have been playing with the "username map" file but when I add a line
there like:
root = @"Administrators"
then the result is that the Administrator equiv is being logged in as root
at login time, and still isn't able to change the ownership of a file or
directory.
I also tried the "admin users = @"Administrators"" in the service section but
this doesn't work either.
So, I am out of options now.
I hope that some other list member can give me the right solution.
Or maybe one of the members of the samba team?
Thank you for any reply.
Eddie.
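
An audit of the on-disk layout described in the message above (group set to one administrative group, rwx on directories, rw on files, nothing for world), added here as an example and not part of the original post. The function names and the sample "alice" tree are constructed for illustration; the expected group is passed in as a numeric gid.

```python
import os
import stat
import tempfile

def audit_tree(root, expected_gid):
    """Return sorted (relative_path, problem) pairs for entries under root
    that deviate from: group == expected_gid, dirs 0770, files 0660."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits carry no meaning
            rel = os.path.relpath(path, root)
            perms = stat.S_IMODE(st.st_mode) & 0o777
            want = 0o770 if stat.S_ISDIR(st.st_mode) else 0o660
            if st.st_gid != expected_gid:
                findings.append((rel, "gid %d, expected %d" % (st.st_gid, expected_gid)))
            if perms & 0o007:
                findings.append((rel, "world bits set (%03o)" % perms))
            elif perms != want:
                findings.append((rel, "mode %03o, expected %03o" % (perms, want)))
    return sorted(findings)

def _make(path, mode, is_dir=False):
    """Create one constructed sample entry with an exact mode and our own gid."""
    if is_dir:
        os.mkdir(path)
    else:
        open(path, "w").close()
    os.chown(path, -1, os.getegid())
    os.chmod(path, mode)

def demo():
    """Audit a constructed tree twice: against the real gid, then a wrong one."""
    with tempfile.TemporaryDirectory() as root:
        home = os.path.join(root, "alice")
        _make(home, 0o770, is_dir=True)
        _make(os.path.join(home, "ok.txt"), 0o660)
        _make(os.path.join(home, "leaky.txt"), 0o664)   # world-readable
        _make(os.path.join(home, "narrow.txt"), 0o600)  # group access lost
        gid = os.getegid()
        return audit_tree(root, gid), audit_tree(root, gid + 1)

if __name__ == "__main__":
    for rel, problem in demo()[0]:
        print(rel, "->", problem)
```

Run against a real share root with the administrative group's gid, the same function lists newly created files whose group or mode did not follow the parent directory.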