[Samba] Can't see or change ACLs on Windows

Stas narezatel at gmail.com
Tue Oct 30 11:02:50 GMT 2007 

user that logged in to windows is DOMAIN/administrators group member ?
seems it have some meaning for samba . try to use  the built-in
domain administrator account as a windows login .
i removed all ACL's from test directory and changed owner user and
group to root so getfacl shows :
# file: mnt/loop/1
# owner: root
# group: root
user::rwx
group::rwx
other::---

and no one had access to files .
but i was still able to take ownership and after that set ACL's from
windows box if logged in as user that domain administrators group
member , or administrator itself.

btw , do you try to set file access permissions  or change files owner ?
if you try to change ownership to some domain group you will always
get "access denied" error since samba doesn't support group ownership.






On 10/29/07, Eric Diven <eric.diven at edsiohio.com> wrote:
>
>
> -----Original Message-----
> From: Stas [mailto:narezatel at gmail.com]
> Sent: Monday, October 29, 2007 1:37 PM
> To: Eric Diven
> Subject: Re: [Samba] Can't see or change ACLs on Windows
>
> well , lets's  try again ..
> create test directory " /samba/testdir
> run # chmod 777 -R /samba/testdir
> create share in smb.conf that points to /samba/test create some file in
> new share from windows box.
> open file properties and check permissions and owner ( you should see
> "everyone - full control , CREATOR OWNER - full control  , etc , and
> owner of created file should be user that logged in ) now try to set
> permissions , it should work .
> if you want to restrict users -  remove "everyone" from ACL list , this
> will just reset "Everyone" permission to "none" , so no one will able to
> modify files until you add specific users or groups to ACL list .
> looking strange but it worked for me..
>
> Still no luck.
>
> Our new directory:
> drwxrwxrwx   2 W2K3TEST+bobadmin W2K3TEST+awriters     512 Oct 29 13:41
> stastest
>
> [stastest]
>    path = /foo/stastest
>    writeable = yes
>    inherit owner = yes
>    inherit permissions = yes
>    inherit acls = yes
>    nt acl support = yes
>
> I've tried this with various inherit options on and off (including the
> dir sticky bit for inheriting group ownership)  and still can't get it
> to go.  I've also tried with varying ownerships on the directory with no
> change.  Also, when I try to remove Everyone (or for that matter, the
> unix group or owner) from the ACL, it pops right back up.  Everyone
> doesn't have Full Control set either.  Nor for that matter does the
> group that owns the file.  Both Everyone and the group get rw
> permissions.
>
> ~Eric
>
> ~Eric
>
> On 10/29/07, Eric Diven <eric.diven at edsiohio.com> wrote:
> >
> >
> > -----Original Message-----
> > From: Stas [mailto:narezatel at gmail.com]
> > Sent: Friday, October 26, 2007 6:56 PM
> > To: Eric Diven
> > Cc: samba at lists.samba.org
> > Subject: Re: [Samba] Can't see or change ACLs on Windows
> >
> > any errors in samba's log?
> > what error exactly you get at windows box when you try to set
> > permissions?
> >
> > Annoyingly, I'm not getting any logging for clients.  Why, I don't
> know.
> > I see start-up messages correctly in the log.smbd file, including
> > those at log level 10, but not ones from clients.
> >
> > Here are the logging-related lines from smbd.conf
> >
> > # this tells Samba to use a separate log file for each machine # that
> > connects
> >    log file = /var/log/samba/log.%m
> >
> > # Put a capping on the size of the log files (in Kb).
> >    max log size = 50
> >
> > The exact text of the error I get in Windows is:
> >
> > "Unable to save permission changes on hjkl.txt.
> >
> > Access is denied
> >            [OK]"
> >
> > As usual, I'm logged in as the owner of the file.
> >
> > Sigh.
> >
> > Thanks for your continuing help on this, by the way.  This is driving
> > me nuts.
> >
> > ~Eric
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list