[Samba] ACL on a directory

Александр Соколов sokoloff at mail.ru
Fri Nov 28 17:14:18 GMT 2003


I'm using gentoo-1.4 and Samba 3.0 as a PDC,
and I have problems with displaying and changing access rights on directories.

My system:
Kernel 2.4.20-gentoo-r8 (File systems -> POSIX Access Control Lists is enabled),
the root file system is reiserfs,
the shared folders are on ext3, which is mounted with the acl option,
Samba is compiled with the options "--with-acl-support --with-winbind --with-quotas=no --with-ads=no --with-ldap=no --enable-cups=no"

In the Windows properties dialog, I can see and change permissions for files.
But for directories, the names of users and groups are displayed, but all checkboxes are unmarked.
When I try to change access rights in the Windows dialog, "Creator Owner"
and "Creator Group" appear, but the rights do not change.


To make it clearer, I will explain:

I create a directory.
$ mkdir /home/samba/public/dir          
$ ls -l /home/samba/public/                    
drwxr-xr-x 2 sokoloff users 4096 Nov 28 09:06 dir         

$ getfacl /home/samba/public/dir
getfacl: Removing leading '/' from absolute path names
* file: home/samba/public/dir                         
* owner: sokoloff                                     
* group: users                                        
user:: rwx                                             
group:: r-x                                            
other:: r-x                                            

$ smbcacls  //fileservv/public dir
added interface ip=192.168.10.220 bcast=192.168.10.255 nmask=255.255.255.0
Password:                                                                 
REVISION:1                                                                
OWNER:NEWOFFICE\sokoloff                                                  
GROUP:NEWOFFICE\Domain Users                                              
ACL:NEWOFFICE\sokoloff:ALLOWED/0/FULL                                     
ACL:NEWOFFICE\Domain Users:ALLOWED/0/READ                                 
ACL:\Everyone:ALLOWED/0/READ                                              


I try to change the rights from Windows:

$ getfacl /home/samba/public/dir 
getfacl: Removing leading '/' from absolute path names
* file: home/samba/public/dir                         
* owner: sokoloff                                     
* group: users                                        
user:: rwx                                             
group:: rwx                                            
other:: r-x                                            
default:user:: rwx                                     
default:group:: rw-                                    
default:other::---                                    

$ smbcacls //fileservv/public dir                
added interface ip=192.168.10.220 bcast=192.168.10.255 nmask=255.255.255.0
Password:                                                                 
REVISION:1                                                                
OWNER:NEWOFFICE\sokoloff                                                  
GROUP:NEWOFFICE\Domain Users                                              
ACL:NEWOFFICE\sokoloff:ALLOWED/0/FULL                                     
ACL:NEWOFFICE\Domain Users:ALLOWED/0/FULL                                 
ACL:\Everyone:ALLOWED/0/READ                                              
ACL:\Creator Owner:ALLOWED/11/FULL                                        
ACL:\Creator Group:ALLOWED/11/RW                                          
ACL:\Everyone:ALLOWED/11/                                                 


Right after adding a new group, the rights for this group are shown.

$ smbcacls  //fileservv/public dir                
added interface ip=192.168.10.220 bcast=192.168.10.255 nmask=255.255.255.0
Password:                                                                 
REVISION:1                                                                
OWNER:NEWOFFICE\sokoloff                                                  
GROUP:NEWOFFICE\Domain Users                                              
ACL:NEWOFFICE\Domain Admins:ALLOWED/3/READ                                
ACL:NEWOFFICE\sokoloff:ALLOWED/0/FULL                                     
ACL:NEWOFFICE\Domain Users:ALLOWED/0/FULL                                 
ACL:\Everyone:ALLOWED/0/READ                                              
ACL:\Creator Owner:ALLOWED/11/FULL                                        
ACL:\Creator Group:ALLOWED/11/RW                                          
ACL:\Everyone:ALLOWED/11/                                                 

But after I try to change the rights, they change and cease to be displayed in Windows.

$ smbcacls -d0 //fileservv/public dir         
added interface ip=192.168.10.220 bcast=192.168.10.255 nmask=255.255.255.0
Password:                                                                 
REVISION:1                                                                
OWNER:NEWOFFICE\sokoloff                                                  
GROUP:NEWOFFICE\Domain Users                                              
ACL:NEWOFFICE\sokoloff:ALLOWED/0/FULL                                     
ACL:NEWOFFICE\Domain Admins:ALLOWED/0/READ                                
ACL:NEWOFFICE\Domain Users:ALLOWED/0/FULL                                 
ACL:\Everyone:ALLOWED/0/READ                                              
ACL:\Creator Owner:ALLOWED/11/FULL                                        
ACL:NEWOFFICE\Domain Admins:ALLOWED/11/R                                  
ACL:\Creator Group:ALLOWED/11/RW                                          
ACL:\Everyone:ALLOWED/11/                                                 


In the log file there are lines like:
[2003/11/28 09:34:57, 3] smbd/error.c:error_packet(113)
  error packet at smbd/nttrans.c(832) cmd=162 (SMBntcreateX) NT_STATUS_FILE_IS_A_DIRECTORY

Can somebody help and explain to me what is happening?

I am sorry for my English
-- 
Best regards,
 Alesander                          mailto:asokol at mail.ru
-------------- next part --------------
---------------
Unix username:        sokoloff
NT username:          
Account Flags:        [U          ]
User SID:             S-1-5-21-2527521699-1791030769-2686926151-2000
Primary Group SID:    S-1-5-21-2527521699-1791030769-2686926151-513
Full Name:            
Home Directory:       \\fileservv\Profiles\sokoloff\.profile
HomeDir Drive:        
Logon Script:         
Profile Path:         \\fileservv\Profiles\sokoloff
Domain:               NEWOFFICE
Account desc:         
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          Fri, 13 Dec 1901 23:45:51 GMT
Kickoff time:         Fri, 13 Dec 1901 23:45:51 GMT
Password last set:    Tue, 25 Nov 2003 00:15:29 GMT
Password can change:  Tue, 25 Nov 2003 00:15:29 GMT
Password must change: Fri, 13 Dec 1901 23:45:51 GMT
---------------
Unix username:        sokoloff$
NT username:          
Account Flags:        [W          ]
User SID:             S-1-5-21-2527521699-1791030769-2686926151-3000
Primary Group SID:    S-1-5-21-2527521699-1791030769-2686926151-1815
Full Name:            SOKOLOFF$
Home Directory:       \\fileservv\Profiles\sokoloff_\.profile
HomeDir Drive:        
Logon Script:         
Profile Path:         \\fileservv\Profiles\sokoloff_
Domain:               NEWOFFICE
Account desc:         
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          Fri, 13 Dec 1901 23:45:51 GMT
Kickoff time:         Fri, 13 Dec 1901 23:45:51 GMT
Password last set:    Wed, 26 Nov 2003 14:09:14 GMT
Password can change:  Wed, 26 Nov 2003 14:09:14 GMT
Password must change: Fri, 13 Dec 1901 23:45:51 GMT
---------------
Unix username:        root
NT username:          
Account Flags:        [U          ]
User SID:             S-1-5-21-2527521699-1791030769-2686926151-1000
Primary Group SID:    S-1-5-21-2527521699-1791030769-2686926151-512
Full Name:            root
Home Directory:       \\fileservv\Profiles\root\.profile
HomeDir Drive:        
Logon Script:         
Profile Path:         \\fileservv\Profiles\root
Domain:               NEWOFFICE
Account desc:         
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          Fri, 13 Dec 1901 23:45:51 GMT
Kickoff time:         Fri, 13 Dec 1901 23:45:51 GMT
Password last set:    Tue, 25 Nov 2003 00:15:20 GMT
Password can change:  Tue, 25 Nov 2003 00:15:20 GMT
Password must change: Fri, 13 Dec 1901 23:45:51 GMT
---------------
Unix username:        nobody
NT username:          
Account Flags:        [U          ]
User SID:             S-1-5-21-2527521699-1791030769-2686926151-501
Primary Group SID:    S-1-5-21-2527521699-1791030769-2686926151-514
Full Name:            nobody
Home Directory:       \\fileservv\Profiles\nobody\.profile
HomeDir Drive:        
Logon Script:         
Profile Path:         \\fileservv\Profiles\nobody
Domain:               NEWOFFICE
Account desc:         
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          Fri, 13 Dec 1901 23:45:51 GMT
Kickoff time:         Fri, 13 Dec 1901 23:45:51 GMT
Password last set:    Wed, 26 Nov 2003 16:22:52 GMT
Password can change:  Wed, 26 Nov 2003 16:22:52 GMT
Password must change: Fri, 13 Dec 1901 23:45:51 GMT
-------------- next part --------------
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Users (S-1-5-21-2527521699-1791030769-2686926151-513) -> users
Creator Group (S-1-3-1) -> crgroup
Everyone (S-1-1-0) -> everyone
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Admins (S-1-5-21-2527521699-1791030769-2686926151-512) -> root
Account Operators (S-1-5-32-548) -> -1
Domain Guests (S-1-5-21-2527521699-1791030769-2686926151-514) -> nobody
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
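
The following is an added example, not part of the original message or of Samba: a small parser for the smbcacls listings shown above that decodes the numeric field between the slashes into Windows ACE inheritance flag names and separates the ACEs that apply to the directory itself from inherit-only ones. It assumes that field is printed in decimal, as the listings in the message suggest; the function names are hypothetical.

```python
import re

# Windows ACE inheritance flag bits (values from the NT security descriptor format).
ACE_FLAGS = {0x01: "OBJECT_INHERIT", 0x02: "CONTAINER_INHERIT",
             0x04: "NO_PROPAGATE_INHERIT", 0x08: "INHERIT_ONLY", 0x10: "INHERITED"}

# Assumption: the middle field is a decimal flags value, as in the listings above.
ACL_LINE = re.compile(r"^ACL:(?P<trustee>.+):(?P<type>ALLOWED|DENIED)/(?P<flags>\d+)/(?P<mask>\S*)$")

# Sample input: copied from the third smbcacls listing in the message.
SAMPLE = r"""
OWNER:NEWOFFICE\sokoloff
GROUP:NEWOFFICE\Domain Users
ACL:NEWOFFICE\Domain Admins:ALLOWED/3/READ
ACL:NEWOFFICE\sokoloff:ALLOWED/0/FULL
ACL:NEWOFFICE\Domain Users:ALLOWED/0/FULL
ACL:\Everyone:ALLOWED/0/READ
ACL:\Creator Owner:ALLOWED/11/FULL
ACL:\Creator Group:ALLOWED/11/RW
ACL:\Everyone:ALLOWED/11/
"""

def decode_flags(value):
    """Return the names of the inheritance bits set in a numeric ACE flags field."""
    return [name for bit, name in ACE_FLAGS.items() if value & bit]

def parse_smbcacls(text):
    """Parse 'ACL:trustee:TYPE/flags/mask' lines; other lines (OWNER, GROUP) are skipped."""
    aces = []
    for line in text.splitlines():
        m = ACL_LINE.match(line.strip())
        if not m:
            continue
        flags = int(m["flags"])
        aces.append({"trustee": m["trustee"], "type": m["type"],
                     "flags": decode_flags(flags), "mask": m["mask"] or "(none)",
                     "inherit_only": bool(flags & 0x08)})
    return aces

def split_by_scope(aces):
    """Split into ACEs that apply to the directory itself and inherit-only ones."""
    direct = [a for a in aces if not a["inherit_only"]]
    templates = [a for a in aces if a["inherit_only"]]
    return direct, templates

if __name__ == "__main__":
    direct, templates = split_by_scope(parse_smbcacls(SAMPLE))
    for label, group in (("on directory", direct), ("inherit-only", templates)):
        for a in group:
            print(f"{label:13} {a['trustee']:26} {a['mask']:7} {'|'.join(a['flags']) or '-'}")
```

In the sample, the three /11/ entries decode to OBJECT_INHERIT|CONTAINER_INHERIT|INHERIT_ONLY; in the message they appear in the same step as the default: entries in the getfacl output.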

