[Samba] Samba - NT ACL implemented by Unix Posix ACL via Samba
Juer Lee
juer.lee at plasmon.ie
Wed Mar 2 08:31:36 GMT 2005
This issue is not caused by that the client user doesn't have privilege to
set ACLs. 'admin users' won't help
-----Original Message-----
From: brennion at buerstner.com [mailto:brennion at buerstner.com]
Sent: Wednesday, March 02, 2005 16:00
To: jerry at samba.org; juer.lee at plasmon.ie
Cc: samba at lists.samba.org
Subject: AW: [Samba] Samba - NT ACL implemented by Unix Posix ACL via Samba
I'm not an expert on that, but did you tried the following settings on
smb.conf for your share :
admin users = NTDOMAIN+Administrator
valid users = .....
I think this is necessary to use ACL with samba and ntdomain...
-----Ursprüngliche Nachricht-----
Von: Gerald (Jerry) Carter [mailto:jerry at samba.org]
Gesendet: Montag, 28. Februar 2005 16:43
An: Juer Lee
Cc: samba at lists.samba.org
Betreff: Re: [Samba] Samba - NT ACL implemented by Unix Posix ACL via
Samba
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Juer Lee wrote:
| 1. Why Samba always think the owner always
| has 'READ' access right on a file, 'READ and WRITE' access
| rights on a directory? I checked the code of
| posix_acls.c, those bits are OR-ed by default
It was a workaround for some empty nttrans_set_security_descriptor()
requests IIRC. Mostly had problems with profiles becoming
unusable.
| 2. Try to create a folder via the Samba
| Win2k client(make sure there are only base permissions
| on it - no any ACLs), right click on the folder and go
| to 'Security' tab, choose the owner in the name table,
| tick some check-boxes in column 'Allow' and
| click 'Apply', you will see two more entries 'CREATOR OWNER'
| and 'CREATOR GROUP' are displayed - I understand this
| is caused by that the default ACLs are created.
| ut why the default ACLs for the owner is NOT created??
| The default ACLs can only be created when the
| former steps are repeated.
If I understand your question correctly, it is because Samba
only translates the acls as they exist on disk. You can
setup the default acls from a shell prompt if you like.
cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCIzwHIR7qMdg1EfYRAv+BAJ4hWjAvMlVGM8Vp89l3FIQLFBd8ywCfdCE8
qYbhIRHEYjY1oUWVI1Ifaas=
=5jPt
-----END PGP SIGNATURE-----
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list