[Samba] samba menber of AD domain and ACL support question

Gerald (Jerry) Carter jerry at samba.org
Wed Jan 18 05:57:48 GMT 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Adam Nielsen wrote:
>> - why get I a strange display on security option ?
> 
> Samba has always behaved like this for me, but I'm not exactly sure
> why.  If you scroll down you'll notice that 'Special Permissions' is
> ticked, which is Windows' way of saying "there are permissions that
> don't fit the checkboxes here."  It seems to work fine if you just
> ignore that initial permissions window and use the Advanced options
> only.

Let me shed some light.  In Windows an ace can apply to
the folder or to subfolders & files.  Assume the following
POSIX acl which will map to the the Windows ACL on the right
(FARSCAPE is the domain).

$ getfacl  winadmin/
# file: winadmin
# owner: jerry
# group: users
user::rwx		FARSCAPE\jerry (Full) - this folder
group::r-x		FARSCAPE\users (Read&Exec) - this folder
other::r-x		Everyone (Read&Exec) - this folder
default:user::rwx	CREATOR OWNER (Full) - subfolders & files
default:user:jerry:rwx	FARSCAPE\jerry (Full) - subfolders & files
default:group::r-x	CREATOR GROUP (Read&Exec) - subfolders & files
default:group:users:r-x	FARSCAPE\users (Read&Exec) - subfolders & files
default:mask::rwx
default:other::r-x	Everyone (Read&Exec) - subfolders & files

So the these ACEs show in the initial page of the security tab

FARSCAPE\jerry	(Full Control)
FARSCAPE\users  (Read&Exec)
Everyone	(Read&Exec)

And these will have to be viewed from the advanced tab.

CREATOR OWNER
CREATOR GROUP

>> - why can't I able to modify privileges via windows ?
> 
> I'm not 100% sure on this one, but I think it's because you're not
> logged on as a user that Samba thinks has admin access.  

You just have to be the owner of the file.  Also see the 'dos filemode'
option in smb.conf(5).


Hope this helps.



cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFDzdjcIR7qMdg1EfYRAisOAKCcK/FNCjO7Z3uX2JUEKu+fW/UARQCfRnNf
HE3mN62zIfbCBliutyHxgeo=
=V7PS
-----END PGP SIGNATURE-----

More information about the samba mailing list