[Samba] samba menber of AD domain and ACL support question

Gerald (Jerry) Carter jerry at samba.org
Wed Jan 18 05:57:48 GMT 2006

Hash: SHA1

Adam Nielsen wrote:
>> - why get I a strange display on security option ?
> Samba has always behaved like this for me, but I'm not exactly sure
> why.  If you scroll down you'll notice that 'Special Permissions' is
> ticked, which is Windows' way of saying "there are permissions that
> don't fit the checkboxes here."  It seems to work fine if you just
> ignore that initial permissions window and use the Advanced options
> only.

Let me shed some light.  In Windows an ace can apply to
the folder or to subfolders & files.  Assume the following
POSIX acl which will map to the the Windows ACL on the right
(FARSCAPE is the domain).

$ getfacl  winadmin/
# file: winadmin
# owner: jerry
# group: users
user::rwx		FARSCAPE\jerry (Full) - this folder
group::r-x		FARSCAPE\users (Read&Exec) - this folder
other::r-x		Everyone (Read&Exec) - this folder
default:user::rwx	CREATOR OWNER (Full) - subfolders & files
default:user:jerry:rwx	FARSCAPE\jerry (Full) - subfolders & files
default:group::r-x	CREATOR GROUP (Read&Exec) - subfolders & files
default:group:users:r-x	FARSCAPE\users (Read&Exec) - subfolders & files
default:other::r-x	Everyone (Read&Exec) - subfolders & files

So the these ACEs show in the initial page of the security tab

FARSCAPE\jerry	(Full Control)
FARSCAPE\users  (Read&Exec)
Everyone	(Read&Exec)

And these will have to be viewed from the advanced tab.


>> - why can't I able to modify privileges via windows ?
> I'm not 100% sure on this one, but I think it's because you're not
> logged on as a user that Samba thinks has admin access.  

You just have to be the owner of the file.  Also see the 'dos filemode'
option in smb.conf(5).

Hope this helps.

cheers, jerry
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list