[Samba] Can't see or change ACLs on Windows

Stas narezatel at gmail.com
Fri Oct 19 22:21:50 GMT 2007 

strange ...
please post  getfacl output .

On 10/19/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> Whoops, these were both supposed to go to the list.
>
> If I log on as the owner of the file, I still can't add another entry to
> the ACL.  I can change the permissions set on the user, group and world
> permissions, but that's it.  I do see that that the owner is identified
> as the user I'm logged in as.
>
> ~Eric
>
> -----Original Message-----
> From: Stas [mailto:narezatel at gmail.com]
> Sent: Friday, October 19, 2007 12:13 AM
> To: Eric Diven
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Can't see or change ACLs on Windows
>
> make sure that user logged in to windows box is an owner of files .
> as i know , only owner can change permissions .
> try  # chown "administrator/DOMAIN" /samba/test.txt  , after that try to
> set permissions on this file from windows .
>
>
> On 10/18/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> > None when I open the security tab, but when I try to add an entry to
> > the ACL, I get:
> >
> > "Unable to save permission changes on directory on 'croesus running
> > samba (ipaddress)' (driveletter:).
> >
> > Access is denied."
> >
> > The smb.conf file is set up to allow admin access to both an AD user
> > and
> > group:
> >
> > the relevant sections of the smb.conf file:
> >
> > [global]
> >         workgroup = W2K3TEST
> >         realm = W2K3TEST.LOCAL
> >         server string = croesus running samba
> >         security = ADS
> >         log file = /var/log/samba/log.%m
> >         max log size = 50
> >         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> >         printcap name = /etc/printcap
> >         preferred master = No
> >         dns proxy = No
> >         idmap uid = 10000-20000
> >         idmap gid = 10000-20000
> >         winbind separator = +
> >
> > [afiles]
> >         path = /foo/afiles
> >         admin users = W2K3TEST+bobadmin, @W2K3TEST+admins
> >         read only = No
> >
> > I've logged in both as another member of the W2K3TEST+admins group,
> > and as W2K3TEST+bobadmin, and that doesn't seem to have any effect on
> > whether or not it works.  I've also tried adding a non-domain user and
>
> > group to the ACL on the Solaris side to see if that would make an
> > entry other that the standard permissions appear on Windows, but to no
> avail.
> >
> > ~Eric
> >
> > -----Original Message-----
> > From: Stas [mailto:narezatel at gmail.com]
> > Sent: Thursday, October 18, 2007 3:39 PM
> > To: Volker.Lendecke at sernet.de
> > Cc: Eric Diven; samba at lists.samba.org
> > Subject: Re: [Samba] Can't see or change ACLs on Windows
> >
> >  any errors on windows side when you try to set permissions?
> >
> > On 10/18/07, Volker Lendecke <Volker.Lendecke at sernet.de> wrote:
> > > On Thu, Oct 18, 2007 at 09:11:59AM -0400, Eric Diven wrote:
> > > > Here you go:
> > > >
> > > > bash-3.00# /usr/local/samba/sbin/smbd -b | grep ACL
> > > >    HAVE_SYS_ACL_H
> > > >    HAVE_SOLARIS_ACLS
> > > >    HAVE__ACL
> > > >    HAVE__FACL
> > > >
> > > > It looks plausible to me, but I'm assuming you know better than I
> > > > what
> > >
> > > That indeed looks right. No idea then, sorry. Maybe you want to look
>
> > > in a debug level 10 log of smbd, search for
> > > call_nt_transact_query_security_desc, maybe you find something
> > > obvious.
> > >
> > > Volker
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  https://lists.samba.org/mailman/listinfo/samba
> > >
> > >
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list