RE [Samba] More help on ACL
problemplease...anyone...anyone...Bueller?
spu at corman.be
spu at corman.be
Mon Jan 24 16:32:52 GMT 2005
Extract of smb.conf :
valid users (S)
This is a list of users that should be allowed to login to this
service. Names starting with '@', '+' and '&' are interpreted using
the same rules as described in the invalid users parameter.
If this is empty (the default) then any user can login. If a username
is in both this list and the invalid users list then access is denied
for that user.
The current servicename is substituted for %S . This is useful in the
[homes] section.
Default: valid users = # No valid users list (anyone can login)
Example: valid users = greg, @pcusers
"Travis Bullock"
<tbullock at avmax.c
a> A
<spu at corman.be>
24/01/2005 17:28 cc
Objet
RE: RE [Samba] More help on ACL
problemplease...anyone...anyone...B
ueller?
I modified your setting
Sure:
[Planning]
comment = Avmax Domain Shares
browseable = yes
writable = yes
read only = no
# valid users = AVMAX+Planning
create mode = 0664
directory mode = 0775
path = /usr/avamx_shares/Planning
There she is. Do I have to include all groups in 'valid users'? If so
what
would the separator be?
-----Original Message-----
From: samba-bounces+tbullock=avmax.ca at lists.samba.org
[mailto:samba-bounces+tbullock=avmax.ca at lists.samba.org]On Behalf Of
spu at corman.be
Sent: Monday, January 24, 2005 9:03 AM
To: Samba (E-mail)
Subject: RE [Samba] More help on ACL
problemplease...anyone...anyone...Bueller?
Hi,
I think is not a ACL problem, it's a smb.conf share configuration problem,
could you sent a part of your smb.conf which about of this share.
-----------------------------------
Stéphane PURNELLE stephane.purnelle at corman.be
Service Informatique Corman S.A. Tel : 00 32 087/342467
"Travis Bullock"
<tbullock at avmax.c
a> A
Envoyé par : "Samba (E-mail)"
samba-bounces+ste <samba at lists.samba.org>
phane.purnelle=co cc
rman.be at lists.sam
ba.org Objet
[Samba] More help on ACL problem
please...anyone...anyone...Bueller?
24/01/2005 16:59
Hello,
I am running Fedora Core 2.
Kernel: linux-2.6.5-1.358
Kernel supports ACL:
[root at atlas configs]# grep FS_SECURITY kernel-2.6.5-i686-smp.config
CONFIG_EXT2_FS_SECURITY=y
CONFIG_EXT3_FS_SECURITY=y
CONFIG_XFS_SECURITY=y
CONFIG_DEVPTS_FS_SECURITY=y
[root at atlas configs]# grep XATTR kernel-2.6.5-i686-smp.config
CONFIG_EXT2_FS_XATTR=y
CONFIG_EXT3_FS_XATTR=y
CONFIG_DEVPTS_FS_XATTR=y
Have extended attributes set in /etc/fstab is as follows:
/dev/Goliath/root / ext3 acl,user_xattr 1 1
I have a directory called Planning with ACL permissions assigned via the
setfacl command:
drwxrwx---+ 2 root AVMAX+Planning 4096 Jan 14 09:55 Planning
which looks like this with getfacl:
[root at atlas avamx_shares]# getfacl Planning/
# file: Planning
# owner: root
# group: AVMAX+Planning
user::rwx
group::rwx
group:AVMAX+Domain Users:r--
mask::rwx
other::---
Problem:
If I add my user to the AVMAX+Planning group on my NT DOMAIN PDC there is
no
problem. I can browse to the Planning directory via My Network Places.
However if I remove my account from the AVMAX+Planning group and browse to
the Planning directory it prompts me for a password. Because my account is
by default a member of the AVMAX+Domain Users and I have configured (i
think) the Planning directory ACL to allow read access to the AVMAX+Domain
Users group.....I should be able to browse this directory without being
prompted for a username and password....
QUESTION: What did I do wrong or not do at all to make the applied ACL
function correctly and allow all users in the AVMAX+Domain Users group read
acces to the Planning samba share?
Cheers,
Travis
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
-----------------------------------
Stéphane PURNELLE stephane.purnelle at corman.be
Service Informatique Corman S.A. Tel : 00 32 087/342467
More information about the samba
mailing list