[Samba] Re: Win2k domain, ACLs and permissions

[Tom Dickson]

Comments below:

>1) If I delete Everyone, Domain Users, or Administrator from a folder's
>permissions, they reappear when the settings are applied.

These are the Unix Owner/Group/Everyone permissions, and cannot be removed.
You can get the same effect as removing Everyone by denying Everyone full
control. The error message windows gives you doesn't apply.

>4) Group name resolution doesn't seem to be fully working under Linux.
>wbinfo will translate between a gid, a SID, and the name just fine, but
>if I use ls -l on a directory that has been created via a share, the
>owner is looked up correctly but not the group ("10002" instead of
>"CJNTECH\whatever"). getfacl produces similar results, returning a
>number for the group instead of the name. I checked, and winbind is in
>the "group:" line in /etc/nsswitch.conf.

That's strange, on my config it works OK - does the winbind lookup work
manually? wbinfo -G 10002 then wbinfo -Y SID?

There should be an ACL faq somewhere for all of us ACL users! :)

-Tom Dickson