[Samba] modifying file permissions

Robert Mortimer rmortimer at bluechiptechnology.co.uk
Thu Dec 21 15:42:06 GMT 2006 

> Hi Gary
>
> First of all the permissions assigned from windows are actually Access
> control lists which are not supported by default
>

Windows/SAMBA can map ACLs to fine-grain windows permissions but it always
reads the UNIX permissions as well. The UNIX permissions are where it
encodes the windows READ ONLY permission that is unsupported by UNIX. If you
set a file/Directory so that the owner does not have simple UNIX write
permissions this will be cause SAMBA to report the windows read only flag
even if the user does have write permissions assigned under ACLs

more about these mappings can be found here:-

http://www.oreilly.com/catalog/samba/chapter/book/ch05_03.html

SAMBA can also Map system, archive and hidden attributes be messing with the
UNIX file permissions but these are off by default (I think)

Please reply to the list rather than direct to me.
Rob

> so first enable acl support for the filesystem for which you want
> to assign
> permissions from windows.
> ie /etc/fstab file for example for /public file system
>
> LABEL=/public              /public                       ext3
> defaults,*
> acl *       1 1
>
> and give this command
> mount -o remount,rw /public
>
> and in smb.conf in global section add the following entries
> nt acl support = yes
> inherit acls = Yes
> map acl inherit = Yes
>
> Try this
>
> Regards
> Niranjan
>
> On 12/8/06, Gary R. Day <grday at grday-home.net> wrote:
>
> > Folks,
> >
> >     I have smbd 2.2.7 running on a Redhat Linux 9.0 system
> > from which I am mapping directories onto my Windows XP Professional
> > system.
> >
> > For the most part everything is working fine.  The one thing
> that doesn't
> > seem to work is that of changing permissions on a file from Windows.
> > I have a user grday in group developer on the linux system with
> > home directory /home/grday.  I have the smb.conf file shown below.
> > The share mapps ok, and I can create a file which gets the correct
> > permissions from the creation mask.  However, when I right-click
> > the file, and select the security tab from the properties dialog,
> > and then try to set the write permission for the developer group
> > I get "access denied" when I click ok.
> >
> > Also, an oddity is that, unless I put user "nobody" in the
> > smbpasswd database I get a lot of messages like:
> >
> > [2006/12/04 16:55:25, 1] smbd/password.c:pass_check_smb(545)
> > Couldn't find user 'nobody' in passdb.
> >
> > I have a similar problem with smbd 2.2.12 running on a solaris 9 system
> > with a bunch of Windows 2000 clients.  In that case, I got rid of
> > the nobody messages by putting nobody in the smbpasswd database.
> > However, I now get a lot of messages like:
> >
> > [2006/12/04 10:28:46, 0] smbd/service.c:(563)
> > Can't become connected user!
> >
> > The messages don't seem to do any harm, but I'm wondering if they
> > have anything to do with my inability to change permissions.
> >
> > here is my smb.conf file.
> >
> >
> >       [global]
> > interfaces = 127.0.0.1/255.255.255.0 192.168.1.7/255.255.255.0
> > bind interfaces only = yes
> > name resolve order = hosts
> > invalid users = root
> > null passwords = yes
> > security = user
> >       encrypt passwords = yes
> > log level = 1
> > max log size = 1000
> >          lock directory = /var/lock/samba
> > directory mask = 0755
> > create mask = 0644
> >    map archive = yes
> >          share modes = yes
> > read only = no
> > delete readonly = yes
> > browsable = no
> >
> > [homes]
> > valid users = +developer
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list