[Samba] RE: Win2k domain, ACLs and permissions

Paul Eggleton paule at cjntech.co.nz
Tue Apr 8 20:46:51 GMT 2003


Tom Dickson wrote on Wednesday, 9 April 2003 7:09 a.m.:
> Comments below:
> 
>> 1) If I delete Everyone, Domain Users, or Administrator from a
>> folder's permissions, they reappear when the settings are applied.
> 
> These are the Unix Owner/Group/Everyone permissions, and cannot be
> removed. You can get the same effect as removing Everyone by denying
> Everyone full control. The error message windows gives you doesn't
> apply.   

I see. The only problem being that Windows users will find this a bit
confusing. It would be useful to be able to turn this off somehow.

>> 4) Group name resolution doesn't seem to be fully working under
>> Linux. wbinfo will translate between a gid, a SID, and the name just
>> fine, but if I use ls -l on a directory that has been created via a
>> share, the owner is looked up correctly but not the group ("10002"
>> instead of "CJNTECH\whatever"). getfacl produces similar results,
>> returning a number for the group instead of the name. I checked, and
>> winbind is in the "group:" line in /etc/nsswitch.conf.
> That's strange, on my config it works OK - does the winbind lookup
> work manually? wbinfo -G 10002 then wbinfo -Y SID? 

Yep, that works, which is the odd thing. I can only assume that
something is preventing the nsswitch group setting from being used, but
what that is I have no idea.

> There should be an ACL faq somewhere for all of us ACL users! :)

I agree. Shall I start one? :)

Cheers,
Paul


More information about the samba mailing list