[Samba] Samba and Windows ACL Issue

John H Terpstra jht at Samba.Org
Fri May 27 20:50:30 GMT 2005 

On Friday 27 May 2005 14:39, Doug VanLeuven wrote:
> John,
> Why should acl support be needed for a simple owner or group change?

It isn't. I was responding to the matter of ACL's support. You are perfectly 
correct - ownership management has nothing to do with ACL's per se.

But in UNIX only root can change the ownership of a file, unlike Windows, in 
which the owner can change the ownership of the file (or directory).

If you want to make it possible for a user to change file and directory 
ownership you will need to use the user rights and privileges setting to 
provide that. The user will need to be given seDiskOperatorPrivilege - and 
that makes them 'root' for all such operations.

- John T.

>
> Regards, Doug
>
> John H Terpstra wrote:
> >Ross,
> >
> >The fstab below shows that your file systems are NOT mounted with ACL
> > support. To gain ACL support you need:
> >1. A the ACL and EA functionality in the Linux kernel
> >2. To mount the file systems with ACL and XATTR support
> >3. Samba compiled and linked with the ACL and XATTR libraries
> >
> >An example fstab entry to mount a file system with ACL and XATTR support
> > is given here:
> >
> >LABEL=/export/1    /export/1     ext3    defaults,acl,user_xattr 1 2
> >
> >Cheers,
> >John T.
> >
> >On Friday 27 May 2005 08:48, Ross McInnes wrote:
> >>Hi Tonni
> >>
> >>LABEL=/                 /                       ext3    defaults        1
> >> 1 LABEL=/boot             /boot                   ext3    defaults      
> >>  1 2 none                    /dev/pts                devpts 
> >> gid=5,mode=620  0 0 LABEL=/export/1         /export/1               ext3
> >>    defaults        1 2 LABEL=/export/2         /export/2              
> >> ext3    defaults        1 2 none                    /proc               
> >>    proc    defaults        0 0 none                    /dev/shm         
> >>       tmpfs   defaults        0 0 /dev/sda3               swap          
> >>          swap    defaults        0 0 /dev/cdrom              /mnt/cdrom 
> >>             udf,iso9660
> >>noauto,owner,kudzu,ro 0 0
> >>/dev/fd0                /mnt/floppy             auto   
> >> noauto,owner,kudzu 0 0
> >>
> >>That's my fstab
> >>
> >>Student accounts are on /export/1
> >>Staff on /export/2
> >>
> >>Many thanks
> >>
> >>Ross
> >>
> >>-----Original Message-----
> >>From: samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org
> >>[mailto:samba-bounces+sysrm=stvincent.ac.uk at lists.samba.org] On Behalf Of
> >>Tony Earnshaw
> >>Sent: 27 May 2005 15:00
> >>To: samba at lists.samba.org
> >>Subject: Re: [Samba] Samba and Windows ACL Issue
> >>
> >>fre, 27.05.2005 kl. 15.20 skrev Ross McInnes:
> >>>Hi all got a bit of and odd problem with ACL. Ive read up on a few
> >>>bits in the samba howto and read some threads on here about it.
> >>>
> >>>Im not sure if this is a bug, something ive not done, doing wrong etc
> >>>so anyone that could shed some light on it that would be great.
> >>>
> >>>Basically the windows box handles all user account processing and
> >>>during creating a script for all this it will attempt to change the
> >>>permissions on the HOME directory to the user in question
> >>>
> >>>(i.e C:\>cacls Z:\Students\2005\sb05 /G sb05:F /T /E)
> >>>
> >>>But I always get Access is denied. Even tho its currently owned by
> >>>administrator.
> >>>
> >>>Trying the "manual" way, and the ways listed in the offical samba
> >>>howto guide produces similar results.
> >>
> >>Sounds as though you don't have POSIX ACLs enabled on the Samba share
> >>mount.
> >>
> >>>The only way I can change the owner is to go into linux and use the
> >>>chown command.
> >>>
> >>>After that its set to the correct user and all is well... Except by
> >>>doing it by hand kinda rains on my lovely automatic user creation
> >>> script!
> >>>
> >>>Samba.log file shows me no errors, as do any of the others. If there a
> >>>switch/option I need to enable?
> >>>
> >>>Below is smb.conf
> >>>
> >>>Im running RHES3, Samba 3.0.14a and Windows 2k3 AD in mixed Mode.
> >>
> >>[...]
> >>
> >>The OS has ACL support as standard, but it's not enabled by default.
> >>What does /etc/fstab look like for the share mount?
> >>
> >>--Tonni
> >>
> >>--
> >>mail: tonye at billy.demon.nl
> >>http://www.billy.demon.nl
> >>
> >>Eg er bergenser og, eg, men, Trondheims-ordfører Marvin Wiseth:
> >>«Bergenserne er flinke til å gjøre mye ut av lite» (uttalte seg over 17.
> >>mai feiringen iår, men gjelder sannsynligvis og dette mel mitt).
> >>
> >>--
> >>To unsubscribe from this list go to the following URL and read the
> >>instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.

More information about the samba mailing list