[Samba] How do I permit NT Administrator to manage ACL's on s amba file server

Konkol, Josh JKonkol at guidemail.com
Wed Oct 23 14:51:02 GMT 2002 

When you're connected to the share does it show you connected as root?
Try running smbstatus to find out.  

Also, you say that new files are created with the correct permissions, if
you are using force user = root, then all new files should belong to root
NOT domain+administrator.

Do you have nt acl support = yes in your Global Section?

Just throwing out ideas to help

Josh

-----Original Message-----
From: Bart Fest [mailto:b.fest at aia-itp.com]
Sent: Wednesday, October 23, 2002 9:42 AM
To: Konkol, Josh; samba at lists.samba.org
Subject: Re: [Samba] How do I permit NT Administrator to manage ACL's on
samba file server


> It has been my experience that only the owner of the file and root change
> change ACLS on that file.  Since you've stated that Administrator IS the
> owner, maybe there's something else.  Are you getting any errors ?  Who is
> the owner of the diretory that the folder resides in.  Is the
Administrator
> given write permissions at the share level?

The file and directory are owned by DOMAIN+Administrator
I currently have the following in my share :
force user = root

Group is DOMAIN+ADMINS, user DOMAIN+Domain Admins
But, alas, this doesn't help either. Something I probably going totally
wrong down here. =/
I can create files, ownerships are set ok. But I want to use my user
"administrator" to modify ACLs.
So I can 'scopy' my files with apropriate ACLs on my Samba Ext3+ACL share.

But alas, I can only set it from my root account. Sniff .....

So I thought, I'll try to add user DOMAIN+Administrator to the root users.
But, well that didn't work (didn't think it would, but well, wild guesses
never hurt anyone .. except for my users .. hehe)

Help .... it even scared me, level 10 debug.

[2002/10/20 05:27:08, 0] nmbd/nmbd.c:terminate(59)
Got SIGTERM: going down...
standard input is not a socket, assuming -D option
[2002/10/22 08:46:09, 2] nmbd/nmbd.c:main(832)
Becoming a daemon.
[2002/10/22 08:46:09, 8] lib/util.c:fcntl_lock(1304)
fcntl_lock 4 13 0 1 0
[2002/10/22 08:46:10, 3] lib/util.c:fcntl_lock(1315)
fcntl_lock: fcntl lock gave errno 11 (Resource temporarily unavailable)
[2002/10/22 08:46:10, 3] lib/util.c:fcntl_lock(1336)
fcntl_lock: lock failed at offset 0 count 1 op 13 type 0 (Resource
temporarily unavailable)
[2002/10/22 08:46:10, 0] lib/pidfile.c:pidfile_create(85)
ERROR: nmbd is already running. File /usr/local/samba/var/locks/nmbd.pid
exists and process id 31816 is running.

Seems sometinhg is wrong with nmbd ..... hmm .....

Bart

>
> My work-around for modifying ACL's was to create a hidden share that only
> Domain Admins were allowed to access, then for that share I used force
user
> = root.  That enabled all of my domain admins to modify ACL's on all files
> under that share.
>
> I know I've asked more questions than given answers, but sometimes it
helps.
>
> Josh
>
> -----Original Message-----
> From: Bart [mailto:bartspam at aia-itp.com]
> Sent: Wednesday, October 23, 2002 3:30 AM
> To: samba at lists.samba.org
> Subject: [Samba] How do I permit NT Administrator to manage ACL's on
> samba file server
>
>
> How to manage my Samba ACLs from NT ?
> My administrator seemingly doesn't have the rights to change ACLs
> (ownership).
>
> And even though my administrator owns the fiels on the Samba machine it
has
> no rights to change ACLs or ownership.
> The files are owned by "DOMAIN+Administrator" and group is "DOMAIN+Domain
> Admins".
>
> I have added the user to smbpasswd I think (how can I check this ? And is
> this needed ?).
> Or di I have to give this user 'root' rights and how can I do that ?
>
> Bart
> ----------------------------------------------------------------------
> Aia Software B.V.                     Phone :  +31 24 371 02 30
> PO Box 38025                          Fax   :  +31 24 371 02 31
> 6503 AA Nijmegen                      URL   :  http://www.aia-itp.com
> The Netherlands
> ----------------------------------------------------------------------
> This E-mail and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this E-mail in error please notify
> the postmaster (postmaster at aia-itp.com). The authenticity of this
> message cannot, at this moment, be guaranteed by ourselves. For this
> reason no legal rights may be granted should the contents differ to
> the original sent message. The Aia log-file of sent messages is deemed
> to be the sole, true transcript of communication unless the contrary,
> other than the received message, can be proven.
> ----------------------------------------------------------------------
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list