[Samba] ACLs with samba
Noel Kelly
nkelly at citrusnetworks.net
Fri Nov 22 13:02:01 GMT 2002
Only the owner of a file/directory can alter the permissions through the
Windoze client. If you want to be able to change everyone's ACLs then
create a special admin share with 'force user = root' and this will ensure
that, as root, you can do anything to anything (dangerous so make sure you
don't let anyone else near the share!).
Noel
-----Original Message-----
From: Mikko Rautiainen [mailto:mrautia6 at welho.com]
Sent: 22 November 2002 08:58
To: hallewellt at rfa.org
Cc: Samba ML
Subject: Re: [Samba] ACLs with samba
Hi,
What filesystem are you using? Like ReiserFS doesn't support ACL's but
ext3 and XFS does.
And is your PDC a win??? or is it a samba PDC?
I have a win2k PDC and samba fileserver and I use Winbind to
authenticate. I can change
the permissions for files and folders in the PDC or on my desktop. I
didn't use any force
create modes.
Mikko Rautiainen
Tom Hallewell wrote:
>Hi-
>I am experiencing some odd behavior with ACLs with winbindd using Samba 2.6
>on Debian Woody (kernel version 2.4.18).
>1. I am unable to alter permissions from Win2K clients using the
>Properties->Security interface. Is this normal? I get the "Unable to save
>Permission Changes on new Folder. Access is denied." message. This
occurs
>with all accounts, both privileged and unprivileged.
>
>
>2. Permissions set using
>setfacl -m u:DOMAIN\USER:rwx
>alter the permissions just fine, but do not show up in the
>Properties->Security interface.
>If I run
>chmod DOMAIN\USER.DOMAIN\USER
>it shows up.
>
>The permissions show up correctly if a file or directory is created on the
>share from a Win client, but cannot be modified once created, and the ACL
>info is not seen.
>
>Is this behavior normal, or am I doing something wrong?
>
>Here is the relevant section of smb.conf:
>[SHARE]
> comment = Blah blah
> path = /usr/tmp/share
> valid users = @DOMAIN\Group1 @DOMAIN\Group2
> public = no
> writable = yes
> printable = no
> create mask = 0770
> directory mode = 0770
> force create mode = 0770
> force directory mode = 0770
>
>Here is the output from
>getfacl /usr/tmp/share
>getfacl: Removing leading '/' from absolute path names
># file: usr/tmp/BUR
># owner: mpgmover
># group: mpgmover
>user::rwx
>group::rwx
>group:DOMAIN\Group1:rwx
>group:DOMAIN\Group2:rwx
>mask::rwx
>other::---
>
>Any input would be appreciated.
>Thanks
>Tom Hallewell
>Radio Free Asia
>Washington DC
>
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.410 / Virus Database: 231 - Release Date: 31/10/2002
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.410 / Virus Database: 231 - Release Date: 31/10/2002
More information about the samba
mailing list