[Samba] ACLs with samba

Noel Kelly nkelly at citrusnetworks.net
Fri Nov 22 13:02:01 GMT 2002 

Only the owner of a file/directory can alter the permissions through the
Windoze client.  If you want to be able to change everyone's ACLs then
create a special admin share with 'force user = root' and this will ensure
that, as root, you can do anything to anything (dangerous so make sure you
don't let anyone else near the share!).

Noel

-----Original Message-----
From: Mikko Rautiainen [mailto:mrautia6 at welho.com]
Sent: 22 November 2002 08:58
To: hallewellt at rfa.org
Cc: Samba ML
Subject: Re: [Samba] ACLs with samba


Hi,

What filesystem are you using? Like ReiserFS doesn't support ACL's but 
ext3 and XFS does.
And is your PDC a win??? or is it a samba PDC?

I have a win2k PDC and samba fileserver and I use Winbind to 
authenticate. I can change
the permissions for files and folders in the PDC or on my desktop. I 
didn't use any force
create modes.

Mikko Rautiainen

Tom Hallewell wrote:

>Hi-
>I am experiencing some odd behavior with ACLs with winbindd using Samba 2.6
>on Debian Woody (kernel version 2.4.18).
>1.  I am unable to alter permissions from Win2K clients using the
>Properties->Security interface.  Is this normal?  I get the "Unable to save
>Permission Changes on new Folder.  Access is denied."  message.  This
occurs
>with all accounts, both privileged and unprivileged.
>
>
>2.  Permissions set using
>setfacl -m u:DOMAIN\USER:rwx
>alter the permissions just fine, but do not show up in the
>Properties->Security interface.
>If I run
>chmod DOMAIN\USER.DOMAIN\USER
>it shows up.
>
>The permissions show up correctly if a file or directory is created on the
>share from a Win client, but cannot be modified once created, and the ACL
>info is not seen.
>
>Is this behavior normal, or am I doing something wrong?
>
>Here is the relevant section of smb.conf:
>[SHARE]
>   comment = Blah blah
>   path = /usr/tmp/share
>  valid users = @DOMAIN\Group1 @DOMAIN\Group2
>   public = no
>   writable = yes
>   printable = no
>   create mask = 0770
>   directory mode = 0770
>   force create mode = 0770
>   force directory mode = 0770
>
>Here is the output from
>getfacl /usr/tmp/share
>getfacl: Removing leading '/' from absolute path names
># file: usr/tmp/BUR
># owner: mpgmover
># group: mpgmover
>user::rwx
>group::rwx
>group:DOMAIN\Group1:rwx
>group:DOMAIN\Group2:rwx
>mask::rwx
>other::---
>
>Any input would be appreciated.
>Thanks
>Tom Hallewell
>Radio Free Asia
>Washington DC
>
>
>


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.410 / Virus Database: 231 - Release Date: 31/10/2002
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.410 / Virus Database: 231 - Release Date: 31/10/2002

More information about the samba mailing list