[Samba] Changing ACLs as administrator

sspitzner at planalytics.com
Tue Jul 30 08:18:03 GMT 2002


I am having the exact same problem. I cannot change ACLs either from the
administrator login or the user login. If anyone can give a clue as to what is
going on, I would appreciate it. I am running 2.2.5 with the acl code in the
kernel and compiled with acl.

Thank you

"Eddie Lania" <e.lania at elton.nl> on 07/30/2002 09:19:39 AM

To:   samba at lists.samba.org
cc:    (bcc: Samuel K Spitzner/Planalytics)

Subject:  [Samba] Changing ACLs as administrator

Hello all.

Has somebody found a solution yet?
I can't figure it out.
I am beginning to wonder if it might be a bug in Samba?
This is what I have now:

        comment = Network Logon Service
        path = /home/netlogon
        read only = Yes
        guest ok = Yes
        write list = @"Administrators"
        force group = "+Administrators"
        inherit acls = Yes
        inherit permissions = Yes

        path = /home/users/%U
        read only = No
        browseable = No
        inherit acls = Yes
        inherit permissions = Yes

        comment = Users share
        path = /home/users
        read only = No
        force group = "+Administrators"
        inherit acls = Yes
        inherit permissions = Yes

        comment = User profiles share
        path = /home/profiles
        read only = No
        force group = "+Administrators"
        inherit acls = Yes
        inherit permissions = Yes
        csc policy = disable

All user directories and files in [users] and [profiles] are owned by the
"user", their group has been set to Administrators and user and group
permissions are set to rwx for directories and rw for files.

The world permissions have been set to none because I want only the "user"
or the Administrator equiv to be able to access the directories in the
[users] or the [profiles] share.

When I check the acls and permissions from a logged-in Windows XP client
everything looks really good.
No errors.

So far so good......but then:

When a user creates a new file or directory, it should inherit its acl and
permissions from the parent directory. This doesn't work; currently the
owner and group get set to the user itself.

If an Administrator equiv creates a new file or directory, I would like it
to be set to a default acl where the group should be at least
"Administrators" and, if needed, I would like to change the owner later.
With the "force group" parameter set to "+Administrators" this works almost
ok, the groups get set well but I get a "permission denied" when I try to
change the owner of the directory.

In order to be able to succeed in changing the ownership:
I also have been playing with the "username map" file but when I add a line
there like:
root = @"Administrators"
then the result is that the Administrator equiv is being logged in as root
at login time, and still isn't able to change the ownership of a file or

I also tried the "admin users = @"Administrators" in the service section but
this doesn't work either.

So, I am out of options now.

I hope that some other list member can give me the right solution.
Or maybe one of the members of the samba team?

Thank you for any reply.
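
Added example, not part of either poster's message: a Python check that walks a share directory and reports entries that deviate from the layout described above (group set to the administrators group, rwx for user and group on directories, rw on files, no world access). The function names and the sample tree are constructed for illustration; the gid of the administrators group is supplied by the caller.

```python
import os
import stat
import tempfile


def audit_tree(root, expected_gid):
    """Return sorted (relative_path, problem) pairs for entries under root
    that deviate from the ownership/permission layout described in the post."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # the mode of a symlink itself is not meaningful
            rel = os.path.relpath(path, root)
            mode = stat.S_IMODE(st.st_mode)
            # rwx for user and group on directories, rw on files
            required = 0o770 if stat.S_ISDIR(st.st_mode) else 0o660
            if st.st_gid != expected_gid:
                findings.append((rel, "wrong group"))
            if (mode & required) != required:
                findings.append((rel, "missing user/group bits"))
            if mode & 0o007:
                findings.append((rel, "world access"))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample: a conforming directory and file plus one file
    created with a typical 0644 mode. Returns the gid the entries received."""
    layout = {"alice": 0o770, "alice/report.txt": 0o660, "alice/new.txt": 0o644}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        if "/" not in rel:
            os.mkdir(path)
        else:
            open(path, "w").close()
        os.chmod(path, mode)  # explicit chmod so the umask does not matter
    return os.lstat(os.path.join(root, "alice/report.txt")).st_gid


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        gid = build_sample_tree(tmp)
        for rel, problem in audit_tree(tmp, gid):
            print(f"{rel}: {problem}")
```

Run against a real share, pass the share path and the numeric gid of the administrators group (for example from `grp.getgrnam`), then compare the output before and after a client creates a file.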

