[Samba] Can't see or change ACLs on Windows

Eric Diven eric.diven at edsiohio.com
Fri Oct 19 13:55:35 GMT 2007 

Whoops, these were both supposed to go to the list.

If I log on as the owner of the file, I still can't add another entry to
the ACL.  I can change the permissions set on the user, group and world
permissions, but that's it.  I do see that that the owner is identified
as the user I'm logged in as.

~Eric 

-----Original Message-----
From: Stas [mailto:narezatel at gmail.com]
Sent: Friday, October 19, 2007 12:13 AM
To: Eric Diven
Cc: samba at lists.samba.org
Subject: Re: [Samba] Can't see or change ACLs on Windows

make sure that user logged in to windows box is an owner of files .
as i know , only owner can change permissions .
try  # chown "administrator/DOMAIN" /samba/test.txt  , after that try to
set permissions on this file from windows .


On 10/18/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> None when I open the security tab, but when I try to add an entry to 
> the ACL, I get:
>
> "Unable to save permission changes on directory on 'croesus running 
> samba (ipaddress)' (driveletter:).
>
> Access is denied."
>
> The smb.conf file is set up to allow admin access to both an AD user 
> and
> group:
>
> the relevant sections of the smb.conf file:
>
> [global]
>         workgroup = W2K3TEST
>         realm = W2K3TEST.LOCAL
>         server string = croesus running samba
>         security = ADS
>         log file = /var/log/samba/log.%m
>         max log size = 50
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         printcap name = /etc/printcap
>         preferred master = No
>         dns proxy = No
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         winbind separator = +
>
> [afiles]
>         path = /foo/afiles
>         admin users = W2K3TEST+bobadmin, @W2K3TEST+admins
>         read only = No
>
> I've logged in both as another member of the W2K3TEST+admins group, 
> and as W2K3TEST+bobadmin, and that doesn't seem to have any effect on 
> whether or not it works.  I've also tried adding a non-domain user and

> group to the ACL on the Solaris side to see if that would make an 
> entry other that the standard permissions appear on Windows, but to no
avail.
>
> ~Eric
>
> -----Original Message-----
> From: Stas [mailto:narezatel at gmail.com]
> Sent: Thursday, October 18, 2007 3:39 PM
> To: Volker.Lendecke at sernet.de
> Cc: Eric Diven; samba at lists.samba.org
> Subject: Re: [Samba] Can't see or change ACLs on Windows
>
>  any errors on windows side when you try to set permissions?
>
> On 10/18/07, Volker Lendecke <Volker.Lendecke at sernet.de> wrote:
> > On Thu, Oct 18, 2007 at 09:11:59AM -0400, Eric Diven wrote:
> > > Here you go:
> > >
> > > bash-3.00# /usr/local/samba/sbin/smbd -b | grep ACL
> > >    HAVE_SYS_ACL_H
> > >    HAVE_SOLARIS_ACLS
> > >    HAVE__ACL
> > >    HAVE__FACL
> > >
> > > It looks plausible to me, but I'm assuming you know better than I 
> > > what
> >
> > That indeed looks right. No idea then, sorry. Maybe you want to look

> > in a debug level 10 log of smbd, search for 
> > call_nt_transact_query_security_desc, maybe you find something 
> > obvious.
> >
> > Volker
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
> >
>

More information about the samba mailing list