[Samba] Can't see or change ACLs on Windows

Stas narezatel at gmail.com
Fri Oct 26 22:56:11 GMT 2007 

any errors in samba's log?
what error exactly you get at windows box when you try to set permissions?

On 10/22/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> Here's what I have set up.  The ACLs on the directory afiles currently
> do pretty much what I need them to do with samba, which is set up
> permissions and acls on any files created in the directory by a windows
> client.  It needs a little fine-tuning, but it's close.
>
> bash-3.00# ls -l ; getfacl afiles
> total 2
> drwxrws---+  2 W2K3TEST+bobadmin W2K3TEST+awriters     512 Oct 17 17:07
> afiles
>
> # file: afiles
> # owner: W2K3TEST+bobadmin
> # group: W2K3TEST+awriters
> user::rwx
> user:afile:rwx          #effective:rwx
> group::rwx              #effective:rwx
> group:afile:rwx         #effective:rwx
> group:W2K3TEST+areaders:r-x             #effective:r-x
> group:W2K3TEST+awriters:rwx             #effective:rwx
> group:W2K3TEST+admins:rwx               #effective:rwx
> mask:rwx
> other:---
> default:user::rwx
> default:group::rwx
> default:group:W2K3TEST+areaders:r-x
> default:group:W2K3TEST+awriters:rwx
> default:group:W2K3TEST+admins:rwx
> default:mask:rwx
> default:other:---
> bash-3.00#
>
> ~Eric
>
> -----Original Message-----
> From: Stas [mailto:narezatel at gmail.com]
> Sent: Friday, October 19, 2007 6:22 PM
> To: Eric Diven
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Can't see or change ACLs on Windows
>
> strange ...
> please post  getfacl output .
>
> On 10/19/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> > Whoops, these were both supposed to go to the list.
> >
> > If I log on as the owner of the file, I still can't add another entry
> > to the ACL.  I can change the permissions set on the user, group and
> > world permissions, but that's it.  I do see that that the owner is
> > identified as the user I'm logged in as.
> >
> > ~Eric
> >
> > -----Original Message-----
> > From: Stas [mailto:narezatel at gmail.com]
> > Sent: Friday, October 19, 2007 12:13 AM
> > To: Eric Diven
> > Cc: samba at lists.samba.org
> > Subject: Re: [Samba] Can't see or change ACLs on Windows
> >
> > make sure that user logged in to windows box is an owner of files .
> > as i know , only owner can change permissions .
> > try  # chown "administrator/DOMAIN" /samba/test.txt  , after that try
> > to set permissions on this file from windows .
> >
> >
> > On 10/18/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> > > None when I open the security tab, but when I try to add an entry to
>
> > > the ACL, I get:
> > >
> > > "Unable to save permission changes on directory on 'croesus running
> > > samba (ipaddress)' (driveletter:).
> > >
> > > Access is denied."
> > >
> > > The smb.conf file is set up to allow admin access to both an AD user
>
> > > and
> > > group:
> > >
> > > the relevant sections of the smb.conf file:
> > >
> > > [global]
> > >         workgroup = W2K3TEST
> > >         realm = W2K3TEST.LOCAL
> > >         server string = croesus running samba
> > >         security = ADS
> > >         log file = /var/log/samba/log.%m
> > >         max log size = 50
> > >         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > >         printcap name = /etc/printcap
> > >         preferred master = No
> > >         dns proxy = No
> > >         idmap uid = 10000-20000
> > >         idmap gid = 10000-20000
> > >         winbind separator = +
> > >
> > > [afiles]
> > >         path = /foo/afiles
> > >         admin users = W2K3TEST+bobadmin, @W2K3TEST+admins
> > >         read only = No
> > >
> > > I've logged in both as another member of the W2K3TEST+admins group,
> > > and as W2K3TEST+bobadmin, and that doesn't seem to have any effect
> > > on whether or not it works.  I've also tried adding a non-domain
> > > user and
> >
> > > group to the ACL on the Solaris side to see if that would make an
> > > entry other that the standard permissions appear on Windows, but to
> > > no
> > avail.
> > >
> > > ~Eric
> > >
> > > -----Original Message-----
> > > From: Stas [mailto:narezatel at gmail.com]
> > > Sent: Thursday, October 18, 2007 3:39 PM
> > > To: Volker.Lendecke at sernet.de
> > > Cc: Eric Diven; samba at lists.samba.org
> > > Subject: Re: [Samba] Can't see or change ACLs on Windows
> > >
> > >  any errors on windows side when you try to set permissions?
> > >
> > > On 10/18/07, Volker Lendecke <Volker.Lendecke at sernet.de> wrote:
> > > > On Thu, Oct 18, 2007 at 09:11:59AM -0400, Eric Diven wrote:
> > > > > Here you go:
> > > > >
> > > > > bash-3.00# /usr/local/samba/sbin/smbd -b | grep ACL
> > > > >    HAVE_SYS_ACL_H
> > > > >    HAVE_SOLARIS_ACLS
> > > > >    HAVE__ACL
> > > > >    HAVE__FACL
> > > > >
> > > > > It looks plausible to me, but I'm assuming you know better than
> > > > > I what
> > > >
> > > > That indeed looks right. No idea then, sorry. Maybe you want to
> > > > look
> >
> > > > in a debug level 10 log of smbd, search for
> > > > call_nt_transact_query_security_desc, maybe you find something
> > > > obvious.
> > > >
> > > > Volker
> > > >
> > > > --
> > > > To unsubscribe from this list go to the following URL and read the
> > > > instructions:  https://lists.samba.org/mailman/listinfo/samba
> > > >
> > > >
> > >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
>

More information about the samba mailing list