[Samba] [acl] setting user/group permissions from windows
Heiko Harders
heiko.harders at gmail.com
Thu Aug 7 12:21:55 GMT 2008
Hello,
I've setup a samba PDC (3.0.31) and I am using Windows Vista clients.
Logging on works fine using roaming profiles and folder redirections.
I am also able to write to shares, etc.
Now I am trying to get the advanced permissions on files to work. So
on my share:
[share]
comment = Shared directories
path = /samba/share
read only = No
guest ok = Yes
With the following user rights in Linux:
drwxrwxr-x 5 nobody Domain Users 4096 2008-08-07 13:53 share
I create a directory called 'test' with the user 'tdummy'.
The permissions on this directory in Linux are now:
drwxrwxr-x 3 tdummy Domain Users 4096 2008-08-07 13:23 test
When I try to give the user 'mbuster' (also a member of the group
"Domain Users") a special set of user rights from windows (using the
security tab on the directory properties), I get the message that
access is denied (whatever rights I choose). So I thought lets try it
from the Linux side and I added some acl rights to that directory for
the user 'mbuster'. So a getfacl now shows:
# file: test
# owner: tdummy
# group: Domain\040Users
user::rwx
user:mbuster:rwx
group::r-x
mask::rwx
other::r-x
But the user permissions for 'mbuster' are not shown in the security
tab of the windows file properties. So this does not seem to work (is
it supposed to work like this?).
I have build samba with the --with-acl-support option. In my fstab,
the options acl and user_xattr are used. My smb.conf can be found
overhere:
http://pastebin.ca/1094618
So, I have a properly working domain, users can log on, they can
create/delete/modify files on their home directories and the shared
directories, but I am not able to change acl permissions from windows
and if I change them from Linux with setfacl, they are not shown nor
do have any effect in Windows.
Does anybody know what I am doing wrong? Or can a extensive guide to
setup acl's properly be found somewhere (the guides I found were not
that extensive and didn't work for me)?
Greetings,
Heiko
More information about the samba
mailing list