[Samba] ACL Question [Repost]
David Sonenberg
dsonenberg at strozllc.com
Tue Mar 1 18:46:23 GMT 2005
Well, I'm not the only one who's experiencing this problem. Does anyone
out there have any ideas? Is this a bug or just a misconfiguration.
I'd really like to get this resolved.
Thomas Boutell wrote:
> I experience similar symptoms with both 3.0.10-as-found-in-fedora-core-3
> and samba-3.0.11. One difference is that I haven't been able to make
> smbcacls get as far as denying permission. Shouldn't this command work?
>
> smbcacls //localhost/research research1.txt -a
> ACL:AD\\MarketingGroup:ALLOWED/0/RWX -U AD\\administrator
> Password:
> Failed to parse ACL ACL:AD\MarketingGroup
>
> Note that when I remove the -a to just list ACLs, it works fine, so a
> parsing error doesn't make much sense here:
>
> [root at ADSambaFP1 ~]# smbcacls //localhost/research research1.txt
> ACL:AD\\MarketingGroup:ALLOWED/0/RWX -U AD\\administrator
> Password:
> REVISION:1
> OWNER:AD\salesperson1
> GROUP:S-1-5-21-875667829-2241442456-3328505926-1130
> ACL:AD\salesperson1:ALLOWED/0/RW
> ACL:S-1-5-21-875667829-2241442456-3328505926-1130:ALLOWED/0/R
> ACL:\Everyone:ALLOWED/0/R
>
> Yes, I can use getfacl and setfacl successfully and yes, ACLs are enabled
> in Samba and on the ext3 file system in question (POSIX ACLs).
>
> Thanks for any information.
>
> On Mon, 28 Feb 2005, David Sonenberg wrote:
>
>> OK so I've got samba-3.0.11 compiled with ACL support. I've running
>> 2.4.25 with the ACL/ATTR patch applied. I can read and set ACLS's
>> using the getfacl/setfacl programs. ldd /usr/sbin/smbd shows it's
>> linked to libattr.so.1 and libacl.so.1. I can read ACL with the
>> smbcacls program, but when I try to set them I get:
>> ERROR: Unable to open credentials file!
>>
>> Also from the windows side, in the properties of a file in it show the
>> users and groups for that file but it lists the perms is all blank,
>> and when I try to change the perms I get a window labeled 'Security'
>> with the message:
>> Unable to save premission changes on xxxxxxxxxxxx.
>> Access is denied.
>> --
>> David Sonenberg
>> Systems / Network Administrator
>> Stroz Friedberg, LLC
>> 15 Maiden Lane
>> 15th Floor
>> New York, NY 10038
>> Tel 212.981.6527
>> Fax 917.495.4918
>>
>> This message is for the named person's use only. It may contain
>> confidential, proprietary or legally privileged information. No right
>> to confidential or privileged treatment of this message is waived or
>> lost by any error in transmission. If you have received this message
>> in error, please immediately notify the sender by e-mail or by
>> telephone at 212.981.6540, delete the message and all copies from your
>> system and destroy any hard copies. You must not, directly or
>> indirectly, use, disclose, distribute, print or copy any part of this
>> message if you are not the intended recipient.
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/listinfo/samba
>>
>
> --
> Thomas Boutell
> Boutell.Com, Inc. http://www.boutell.com/
>
--
David Sonenberg
Systems / Network Administrator
Stroz Friedberg, LLC
15 Maiden Lane
15th Floor
New York, NY 10038
Tel 212.981.6527
Fax 917.495.4918
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No right to
confidential or privileged treatment of this message is waived or lost
by any error in transmission. If you have received this message in
error, please immediately notify the sender by e-mail or by telephone at
212.981.6540, delete the message and all copies from your system and
destroy any hard copies. You must not, directly or indirectly, use,
disclose, distribute, print or copy any part of this message if you are
not the intended recipient.
More information about the samba
mailing list