[Samba] Changing ACLs as administrator

Konkol, Josh JKonkol at guidemail.com
Tue Jul 30 09:51:03 GMT 2002


There are only two users who can change ACLs on a file, the owner and root.

What I have done to get around this in the NT world is to create a hidden
share that encompasses all of the other shares.

Then use 'valid users=@"Domain Admins"' and 'force user=root'.

Josh

> -----Original Message-----
> From: sspitzner at planalytics.com [mailto:sspitzner at planalytics.com]
> Sent: Tuesday, July 30, 2002 10:47 AM
> To: Konkol, Josh
> Subject: RE: [Samba] Changing ACLs as administrator
> 
> I am one of those you replied to. I am going to attempt to provide you
> with enough information so that you can help me.
> 
> I am running samba 2.2.5 compiled with acl support. My kernel has acl
> support.
> 
> I have tried every suggestion in the list.
> 
> I am trying to go to my NT domain controller, pull up the share, and
> change the ACLs on any of the files or directories. I am also trying to
> change any of the ACLs for the spitzner share, on my own machine,
> running W2K, using permissions on the right click of the mouse. I
> cannot add users or change any of the ACL or share permissions of the
> files or directories, not to mention the shares.
> 
> I have tested with the username map as you can see in the smb.conf file.
> 
> If you are able to help I would appreciate it.
> 
> Sam
> 
> Here is my smb.conf.
> 
> # Global parameters
> [global]
>      workgroup = SWS
>      netbios name = BLACKHOLE
>      server string = Samba on Blackhole
>      encrypt passwords = Yes
>      obey pam restrictions = Yes
>      password server = LOCUTUS
>      security = domain
>      log file = /var/log/samba/%m.log
>      max log size = 50
>      socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
>      preferred master = No
>      wins server = 172.29.33.29
>      wins proxy = Yes
>      winbind separator = +
>      winbind uid = 10000-20000
>      winbind gid = 10000-20000
>      winbind cache time = 10
>      winbind use default domain = Yes
>      hosts allow = 172.
> #    username map = /etc/samba/private/username.map
>      printing = nt
>      character set = ISO8859-15
>      nt acl support = Yes
>      nt smb support = Yes
>      log level = 2
> 
> [root]
>      comment = root share
>      path = /home/ntshares
>      valid users = root
>      read only = No
>      force create mode = 0660
>      guest ok = No
> 
> [send]
>      comment = send
>      path = /home/send
>      valid users = send fost graph
>      read only = No
>      force create mode = 0660
>      guest ok = Yes
> 
> [spitzner]
>      comment = send
>      path = /home/ntshares/uprivate/sspitzner
> #    valid users = SWS+SSpitzner, root
>      valid users = SWS+SSpitzner
>      read only = No
>      browseable = Yes
>      inherit acls = Yes
>      inherit permissions = Yes
>      force create mode = 0660
> 
> Here is my pam.d/samba file.
> 
> #%PAM-1.0
> auth       required pam_nologin.so
> auth       required pam_stack.so service=system-auth
> auth    sufficient  pam_winbind.so
> account    required pam_stack.so service=system-auth
> session    required pam_stack.so service=system-auth
> password   required pam_stack.so service=system-auth
> 
> 
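An added example, not part of the original post or of Samba itself: a small checker that parses an smb.conf and reports, for every share using 'force user = root' as suggested in the reply above, whether it is restricted by 'valid users' and hidden from browsing. The share names `admin$` and `scratch`, the paths, and the function names are assumptions made for illustration; the sample config is constructed.

```python
import re

# Constructed sample config. Share names and paths are assumptions; only the
# 'valid users' and 'force user' values come from the reply above.
SAMPLE_SMB_CONF = '''
[global]
    workgroup = SWS

[admin$]
    path = /home/ntshares
    browseable = No
    valid users = @"Domain Admins"
    force user = root
    read only = No

[scratch]
    path = /home/scratch
    force user = root
'''

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with lower-cased names."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = shares.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return shares

def audit_force_root(shares):
    """Map each share that forces root to the restrictions it lacks."""
    defaults, findings = shares.get("global", {}), {}
    for name, params in shares.items():
        merged = {**defaults, **params}  # [global] values act as share defaults
        if name == "global" or merged.get("force user", "").lower() != "root":
            continue
        issues = []
        if not merged.get("valid users"):
            issues.append("no valid users restriction")
        if merged.get("browseable", "yes").lower() not in ("no", "false", "0"):
            issues.append("share is browseable")
        findings[name] = issues
    return findings
```

An empty list for a share means both restrictions are present; any share that forces root without a 'valid users' line gives every connecting user root's file access.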



