[Samba] dos filemode not working (NT_STATUS_ACCESS_DENIED)
Jan Lindner
Jan.Lindner at itg.uni-muenchen.de
Sat Aug 26 22:11:08 GMT 2006
Jeremy Allison schrieb:
> On Fri, Aug 25, 2006 at 11:08:05PM +0200, Jan Lindner wrote:
>
>>dear all,
>>
>>switching from 3.0.22 to 3.023b, we can't get the parameter "dos
>>filemode" to work (giving members of a group with full control the
>>ability to change the acl's). in previous versions we were using "acl
>>group control" which served well (now marked deprecated).
>
>
> Symptoms and how to reproduce the problem please ?
>
> Jeremy.
we want to delegate the right to change permissions of a subdirectory on
a samba share to the members of a domain group. So as admin i create a
directory on the share and make that group the primary group owner (full
access,rwx,setgid) of the directory. Then, from a windows client, a
member of that group connects to the share and tries to modify the
permissions or add another group/user to the acls of the directory or a
newly created file in it. It fails with a ACCESS DENIED message (samba
log NT_STATUS_ACCESS_DENIED). Taking ownership doesn't work either.
Using "acl group control" it works, but not with "dos filemode".
setup:
[test]
comment = testshare
path = /media/samba/test
public = no
read only = no
dos filemode = yes
dos filetimes = yes
veto files = /lost+found/
nt acl support = yes
inherit acls = yes
inherit permissions = yes
map acl inherit = yes
inherit owner = yes
acl map full control = yes
security mask = 0777
directory security mask = 0777
ea support = yes
store dos attributes = yes
map readonly = no
map hidden = no
map system = no
map archive = no
msdfs root = no
--
Jan Lindner
Ludwig-Maximilians-Universität München
IT-Gruppe Geisteswissenschaften
Geschwister-Scholl-Platz 1
80539 MÜNCHEN
Tel.: (089) 2180-1394
Fax: (089) 2180-13543
mail: Jan.Lindner at itg.uni-muenchen.de
More information about the samba
mailing list