[Samba] Changing ACLs as administrator
sspitzner at planalytics.com
sspitzner at planalytics.com
Tue Jul 30 08:18:03 GMT 2002
Eddie,
I am having the exact same problem. I cannot change ACL's either from the
administrator login or the user login. If anyone can give a clue as to what is
going on, I would appreciate it. I am running 2.2.5 with the acl code in the
kernel and compiled with acl.
Thank you
Sam
"Eddie Lania" <e.lania at elton.nl> on 07/30/2002 09:19:39 AM
To: samba at lists.samba.org
cc: (bcc: Samuel K Spitzner/Planalytics)
Subject: [Samba] Changing ACLs as administrator
Hello all.
Has somebody found a solution yet?
I can't figure it out.
I am beginning to wonder if it might be a bug in samba?
This is what I have now:
[netlogon]
comment = Network Logon Service
path = /home/netlogon
read only = Yes
guest ok = Yes
write list = @"Administrators"
force group = "+Administrators"
inherit acls = Yes
inherit permissions = Yes
[homes]
path = /home/users/%U
read only = No
browseable = No
inherit acls = Yes
inherit permissions = Yes
[users]
comment = Users share
path = /home/users
read only = No
force group = "+Administrators"
inherit acls = Yes
inherit permissions = Yes
[profiles]
comment = User profiles share
path = /home/profiles
read only = No
force group = "+Administrators"
inherit acls = Yes
inherit permissions = Yes
csc policy = disable
-----
All user directories and files in [users] and [profiles] are owned by the
"user", their group has been set to Administrators and user and group
permissions are set to rwx for directories and rw for files.
The world permissions have been set to none because I want only the "user"
or the Adminstrator equiv to be able to access the directories in the
[users] or the [profiles] share.
When I check the acls and permission from a logged-in windows XP client
verything looks really good.
No errors.
So far so good......but then:
When a user creates a new file or directory, it should inherit it's acl and
permissions from the parent directory, this doesn't work, currently the
owner and group get set to the user itself.
If an Administrator equiv creates a new file or directory, I would like it
to be set to a default acl where the group should be at least
"Administrators" and, if needed, I would like to change the owner later.
With the "force group" parameter set to "+Administrators" this works almost
ok, the groups get set well but I get a "permission denied" when I try to
change the owner of the directory.
In order to be able to succeed in changing the ownership:
I also have been playing with the "username map" file but when I add a line
there like:
root = @"Administrators"
then the result is that the Administrator equiv is being logged in as root
at login time, and still isn't able to change the ownership of an file or
directory.
I also tried the "admin users = @"Administrators" in the service section but
this doesn't work either.
So, I am out of options now.
I hope that some other list member can give me the right solution.
Or maybe one of the members of the samba team?
Thank you for any reply.
Eddie.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list