[Samba] RE: Win2k domain, ACLs and permissions

[jra at dp.samba.org]

On Wed, Apr 09, 2003 at 08:46:51AM +1200, Paul Eggleton wrote:
> Tom Dickson wrote on Wednesday, 9 April 2003 7:09 a.m.:
> > Comments below:
> > 
> >> 1) If I delete Everyone, Domain Users, or Administrator from a
> >> folder's permissions, they reappear when the settings are applied.
> > 
> > These are the Unix Owner/Group/Everyone permissions, and cannot be
> > removed. You can get the same effect as removing Everyone by denying
> > Everyone full control. The error message windows gives you doesn't
> > apply.   
> 
> I see. The only problem being that Windows users will find this a bit
> confusing. It would be useful to be able to turn this off somehow.
> 
> >> 4) Group name resolution doesn't seem to be fully working under
> >> Linux. wbinfo will translate between a gid, a SID, and the name just
> >> fine, but if I use ls -l on a directory that has been created via a
> >> share, the owner is looked up correctly but not the group ("10002"
> >> instead of "CJNTECH\whatever"). getfacl produces similar results,
> >> returning a number for the group instead of the name. I checked, and
> >> winbind is in the "group:" line in /etc/nsswitch.conf.
> > That's strange, on my config it works OK - does the winbind lookup
> > work manually? wbinfo -G 10002 then wbinfo -Y SID? 
> 
> Yep, that works, which is the odd thing. I can only assume that
> something is preventing the nsswitch group setting from being used, but
> what that is I have no idea.
> 
> > There should be an ACL faq somewhere for all of us ACL users! :)
> 
> I agree. Shall I start one? :)

Yeah - now the new ACL code is in place I probably need to write
a HOWTO for POSIX ACLs and Samba.

Jeremy.