[Samba] Can't see or change ACLs on Windows
narezatel at gmail.com
Tue Oct 30 11:02:50 GMT 2007
user that logged in to windows is DOMAIN/administrators group member ?
seems it have some meaning for samba . try to use the built-in
domain administrator account as a windows login .
i removed all ACL's from test directory and changed owner user and
group to root so getfacl shows :
# file: mnt/loop/1
# owner: root
# group: root
and no one had access to files .
but i was still able to take ownership and after that set ACL's from
windows box if logged in as user that domain administrators group
member , or administrator itself.
btw , do you try to set file access permissions or change files owner ?
if you try to change ownership to some domain group you will always
get "access denied" error since samba doesn't support group ownership.
On 10/29/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> -----Original Message-----
> From: Stas [mailto:narezatel at gmail.com]
> Sent: Monday, October 29, 2007 1:37 PM
> To: Eric Diven
> Subject: Re: [Samba] Can't see or change ACLs on Windows
> well , lets's try again ..
> create test directory " /samba/testdir
> run # chmod 777 -R /samba/testdir
> create share in smb.conf that points to /samba/test create some file in
> new share from windows box.
> open file properties and check permissions and owner ( you should see
> "everyone - full control , CREATOR OWNER - full control , etc , and
> owner of created file should be user that logged in ) now try to set
> permissions , it should work .
> if you want to restrict users - remove "everyone" from ACL list , this
> will just reset "Everyone" permission to "none" , so no one will able to
> modify files until you add specific users or groups to ACL list .
> looking strange but it worked for me..
> Still no luck.
> Our new directory:
> drwxrwxrwx 2 W2K3TEST+bobadmin W2K3TEST+awriters 512 Oct 29 13:41
> path = /foo/stastest
> writeable = yes
> inherit owner = yes
> inherit permissions = yes
> inherit acls = yes
> nt acl support = yes
> I've tried this with various inherit options on and off (including the
> dir sticky bit for inheriting group ownership) and still can't get it
> to go. I've also tried with varying ownerships on the directory with no
> change. Also, when I try to remove Everyone (or for that matter, the
> unix group or owner) from the ACL, it pops right back up. Everyone
> doesn't have Full Control set either. Nor for that matter does the
> group that owns the file. Both Everyone and the group get rw
> On 10/29/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> > -----Original Message-----
> > From: Stas [mailto:narezatel at gmail.com]
> > Sent: Friday, October 26, 2007 6:56 PM
> > To: Eric Diven
> > Cc: samba at lists.samba.org
> > Subject: Re: [Samba] Can't see or change ACLs on Windows
> > any errors in samba's log?
> > what error exactly you get at windows box when you try to set
> > permissions?
> > Annoyingly, I'm not getting any logging for clients. Why, I don't
> > I see start-up messages correctly in the log.smbd file, including
> > those at log level 10, but not ones from clients.
> > Here are the logging-related lines from smbd.conf
> > # this tells Samba to use a separate log file for each machine # that
> > connects
> > log file = /var/log/samba/log.%m
> > # Put a capping on the size of the log files (in Kb).
> > max log size = 50
> > The exact text of the error I get in Windows is:
> > "Unable to save permission changes on hjkl.txt.
> > Access is denied
> > [OK]"
> > As usual, I'm logged in as the owner of the file.
> > Sigh.
> > Thanks for your continuing help on this, by the way. This is driving
> > me nuts.
> > ~Eric
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/listinfo/samba
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
More information about the samba