[Samba] ACLs, admin equivalent account, and file ownership.

Nathan R. Valentine nathan at nathanvalentine.org
Wed May 26 14:29:40 GMT 2004


Here's the scenario:
	- Debian stable.
	- Samba 2.2.3a-13 w/ ACL support.
	- XFS filesystem.
	- smb.conf: admin users = admin "@Domain Admins"
	- admin == the domain administrator account.

I'm trying to recursively reset the permissions and access list entries
on a series of directories. Some of the files are owned by users other
than admin. Besides the "admin users" settings in smb.conf, user admin
and the group "Domain Admins" have "Full Control" over the directory and
all sub-directories. 

When I try to "Reset permissions and propagate inheritable..." on the
root of the share I get messages like so: 

"An error occurred applying security information to: 

<some file name where the file is not owned by admin>

Access is denied."

My understanding was that listing admin in the "admin users" directive
would make admin all powerful/root and allow the account to reset any
and all ACLs and take ownership of files. 

What am I missing? Must I first take ownership of all files *before*
resetting all of the ACLs? 


-- 
Nathan R. Valentine <nathan at nathanvalentine.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040526/054b0b76/attachment.bin


More information about the samba mailing list