[Samba] samba menber of AD domain and ACL support question
Gerald (Jerry) Carter
jerry at samba.org
Wed Jan 18 05:57:48 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Adam Nielsen wrote:
>> - why get I a strange display on security option ?
> Samba has always behaved like this for me, but I'm not exactly sure
> why. If you scroll down you'll notice that 'Special Permissions' is
> ticked, which is Windows' way of saying "there are permissions that
> don't fit the checkboxes here." It seems to work fine if you just
> ignore that initial permissions window and use the Advanced options
Let me shed some light. In Windows an ace can apply to
the folder or to subfolders & files. Assume the following
POSIX acl which will map to the the Windows ACL on the right
(FARSCAPE is the domain).
$ getfacl winadmin/
# file: winadmin
# owner: jerry
# group: users
user::rwx FARSCAPE\jerry (Full) - this folder
group::r-x FARSCAPE\users (Read&Exec) - this folder
other::r-x Everyone (Read&Exec) - this folder
default:user::rwx CREATOR OWNER (Full) - subfolders & files
default:user:jerry:rwx FARSCAPE\jerry (Full) - subfolders & files
default:group::r-x CREATOR GROUP (Read&Exec) - subfolders & files
default:group:users:r-x FARSCAPE\users (Read&Exec) - subfolders & files
default:other::r-x Everyone (Read&Exec) - subfolders & files
So the these ACEs show in the initial page of the security tab
FARSCAPE\jerry (Full Control)
And these will have to be viewed from the advanced tab.
>> - why can't I able to modify privileges via windows ?
> I'm not 100% sure on this one, but I think it's because you're not
> logged on as a user that Samba thinks has admin access.
You just have to be the owner of the file. Also see the 'dos filemode'
option in smb.conf(5).
Hope this helps.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba