[Samba] ACL Question [Repost]

Thomas Boutell boutell at boutell.com
Mon Feb 28 19:52:57 GMT 2005


I experience similar symptoms with both 3.0.10-as-found-in-fedora-core-3
and samba-3.0.11. One difference is that I haven't been able to make
smbcacls get as far as denying permission. Shouldn't this command work?

smbcacls //localhost/research research1.txt -a ACL:AD\\MarketingGroup:ALLOWED/0/RWX -U AD\\administrator
Password:
Failed to parse ACL ACL:AD\MarketingGroup

Note that when I remove the -a to just list ACLs, it works fine, so a 
parsing error doesn't make much sense here:

[root at ADSambaFP1 ~]# smbcacls //localhost/research research1.txt ACL:AD\\MarketingGroup:ALLOWED/0/RWX -U AD\\administrator
Password:
REVISION:1
OWNER:AD\salesperson1
GROUP:S-1-5-21-875667829-2241442456-3328505926-1130
ACL:AD\salesperson1:ALLOWED/0/RW
ACL:S-1-5-21-875667829-2241442456-3328505926-1130:ALLOWED/0/R
ACL:\Everyone:ALLOWED/0/R

Yes, I can use getfacl and setfacl successfully and yes, ACLs are enabled
in Samba and on the ext3 file system in question (POSIX ACLs).

Thanks for any information.

On Mon, 28 Feb 2005, David Sonenberg wrote:

> OK so I've got samba-3.0.11 compiled with ACL support.  I'm running 2.4.25 
> with the ACL/ATTR patch applied.  I can read and set ACLs using the 
> getfacl/setfacl programs.  ldd /usr/sbin/smbd shows it's linked to 
> libattr.so.1 and libacl.so.1.  I can read ACLs with the smbcacls program, but 
> when I try to set them I get:
> ERROR:  Unable to open credentials file!
>
> Also from the Windows side, in the properties of a file it shows the users 
> and groups for that file but it lists the perms as all blank, and when I try 
> to change the perms I get a window labeled 'Security' with the message:
> Unable to save premission changes on xxxxxxxxxxxx.
> Access is denied.
> -- 
> David Sonenberg
> Systems / Network Administrator
> Stroz Friedberg, LLC
> 15 Maiden Lane
> 15th Floor
> New York, NY 10038
> Tel 212.981.6527
> Fax 917.495.4918
>

--
Thomas Boutell
Boutell.Com, Inc. 
http://www.boutell.com/


