[Samba] Changing ACLs as administrator
Konkol, Josh
JKonkol at guidemail.com
Tue Jul 30 09:51:03 GMT 2002
There are only two users who can change ACL's on a file, the owner and root.
What I have done to get around this in the NT world is to create a hidden
share that encompases all of the other shares.
Then use 'valid users=@"Domain Admins"' and 'force user=root'.
Josh
> -----Original Message-----
> From: sspitzner at planalytics.com [mailto:sspitzner at planalytics.com]
> Sent: Tuesday, July 30, 2002 10:47 AM
> To: Konkol, Josh
> Subject: RE: [Samba] Changing ACLs as administrator
>
>
>
>
> I am one of those you replied to. I am going to attempt to
> provide you with
> enough
> information so that you can help me.
>
> I am running samba 2.2.5 compiled with acl support. My kernel
> has acl support.
>
> I have tried every suggestion in the list.
>
> I am trying to go to my NT domain controller, pull up the
> share, and change the
> acl's
> on any of the files or directories. I am also trying to
> change any of the acl's
> for the
> spitzner share, on my own machine, running W2K, using
> permissions on the right
> click of the mouse. I cannot add users or change any of the
> acl or share
> permissions
> of the files or directories, not to mention the shares.
>
> I have tested with the username map as you can see in the
> smb.conf file
>
> If you are able to help I would appreciate it.
>
> Sam
>
> Here is my smb.conf.
>
> # Global parameters
> [global]
> workgroup = SWS
> netbios name = BLACKHOLE
> server string = Samba on Blackhole
> encrypt passwords = Yes
> obey pam restrictions = Yes
> password server = LOCUTUS
> security = domain
> log file = /var/log/samba/%m.log
> max log size = 50
> socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
> preferred master = No
> wins server = 172.29.33.29
> wins proxy = Yes
> winbind separator = +
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> winbind cache time = 10
> winbind use default domain = Yes
> hosts allow = 172.
> # username map = /etc/samba/private/username.map
> printing = nt
> character set = ISO8859-15
> nt acl support = Yes
> nt smb support = Yes
> log level = 2
>
> [root]
> comment = root share
> path = /home/ntshares
> valid users = root
> read only = No
> force create mode = 0660
> guest ok = No
>
> [send]
> comment = send
> path = /home/send
> valid users = send fost graph
> read only = No
> force create mode = 0660
> guest ok = Yes
>
> [spitzner]
> comment = send
> path = /home/ntshares/uprivate/sspitzner
> # valid users = SWS+SSpitzner, root
> valid users = SWS+SSpitzner
> read only = No
> browseable = Yes
> inherit acls = Yes
> inherit permissions = Yes
> force create mode = 0660
>
> Here is my pam.d/samba file.
>
> #%PAM-1.0
> auth required pam_nologin.so
> auth required pam_stack.so service=system-auth
> auth sufficient pam_winbind.so
> account required pam_stack.so service=system-auth
> session required pam_stack.so service=system-auth
> password required pam_stack.so service=system-auth
>
>
More information about the samba
mailing list