[Samba] problem with samba and acl

bikrish at aim.com bikrish at aim.com
Wed Aug 20 06:03:02 GMT 2008


Hi all


I am using CentOS 5.2 and Samba 3.2.1 as PDC with an LDAP backend. Is it possible to achieve Windows ACLs in Samba? My requirements are:

1. In a particular share, specified users should be able to modify the created files, like Microsoft Word or Excel files, but should not be able to delete or create any new files in the share (which is possible in a Windows NT share).

2. I am able to modify the Notepad files in the share where I have not given delete permission to users. But when I modify a Microsoft Word file, users are not able to edit it, and I found the reason behind it: Microsoft Word creates a temp file in the current working directory. Because users are not given permission to create files, the temp file doesn't get created when editing a Microsoft Word file, and they are not able to edit the MS Word file. Notepad doesn't create any temp file, so I am able to edit the Notepad file.

I have mounted the share with acl options too. 
Here is my smb.conf file
[global]
        dos charset = 850
        unix charset = ISO8859-1
        workgroup = TETRADOM
        obey pam restrictions = Yes
        password server = 192.168.1.151
        passdb backend = ldapsam:ldap://127.0.0.1/
        username map = /etc/samba/smbusers
        log level = 3
        log file = /var/log/samba/%m.log
        time server = Yes
        unix extensions = No
        add user script = /usr/sbin/smbldap-useradd -m %u
        delete user script = /usr/sbin/smbldap-userdel %u
        add group script = /usr/sbin/smbldap-groupadd -p %g
        delete group script = /usr/sbin/smbldap-groupdel %g
        add user to group script = /usr/sbin/smbldap-groupmod -m %g %u
        delete user from group script = /usr/sbin/smbldap-groupmod -x %g %u
        set primary group script = /usr/sbin/smbldap-usermod -g %g %u
        add machine script = /usr/sbin/smbldap-useradd -w %u
        logon script =
        logon path =
        logon drive = H:
        logon home =
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        ldap admin dn = cn=Manager,dc=tetra,dc=com
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Users
        ldap machine suffix = ou=Computers
        ldap passwd sync = Yes
        ldap suffix = dc=tetra,dc=com
        ldap ssl = no
        ldap user suffix = ou=People
        idmap uid = 15000-20000
        idmap gid = 15000-20000
        ea support = Yes
        map acl inherit = Yes
        store dos attributes = Yes
        dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
        dos filemode = Yes

[homes]
        comment = Home Directories
        path = /home/%u
        valid users = %S
        read only = No
        browseable = No

[netlogon]
        comment = Network Logon service
        path = /home/netlogon
        guest ok = Yes
        browseable = No

[test]
        comment = Data2
        path = /test
        valid users = +tetrasuper, +tetra
        read list = +tetrasuper, +tetra
        write list = +tetrasuper, +tetra
        create mask = 0644
        force create mode = 0766
        inherit owner = Yes

[tetra]
        comment = data
        path = /tetra
        read only = No
        create mask = 0644
        force create mode = 01666
        directory mask = 01755
        inherit owner = Yes
        hide files = /*.tmp/
        nt acl support = yes



Is there anyone who can help with this situation?

Thanks
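
Added example (not part of the original post): the behaviour described in point 2, reproduced on a local directory with plain POSIX permissions rather than through a Samba share. The directory, the file names and the temp-file name are constructed for illustration; run it as a non-root user, because root bypasses these permission checks.

```python
import os
import shutil
import tempfile


def attempt(action):
    """Run one filesystem action; return 'ok' or the exception class name."""
    try:
        action()
        return "ok"
    except OSError as exc:
        return type(exc).__name__


def save_styles_in_locked_dir():
    """Try an in-place save, a temp-file create and a delete in a directory
    whose files are writable but which allows no create or delete."""
    share = tempfile.mkdtemp(prefix="share-")   # constructed stand-in for the share path
    doc = os.path.join(share, "report.doc")     # constructed sample document
    tmp = os.path.join(share, "~WRL0001.tmp")   # hypothetical editor temp-file name
    with open(doc, "w") as fh:
        fh.write("original\n")
    os.chmod(doc, 0o644)     # the file itself stays writable by its owner
    os.chmod(share, 0o555)   # r-x on the directory: no create, delete or rename

    def in_place_write():    # Notepad-style save: rewrite the existing file
        with open(doc, "r+") as fh:
            fh.write("edited\n")

    def create_temp():       # Word-style save starts by creating a new file
        with open(tmp, "x") as fh:
            fh.write("working copy\n")

    try:
        return {
            "in_place_write": attempt(in_place_write),
            "create_temp": attempt(create_temp),
            "delete_original": attempt(lambda: os.remove(doc)),
        }
    finally:
        os.chmod(share, 0o755)   # restore write access so cleanup can run
        shutil.rmtree(share)


if __name__ == "__main__":
    for step, outcome in save_styles_in_locked_dir().items():
        print(f"{step:16} {outcome}")
```

Creating and deleting an entry are both governed by write permission on the directory, while rewriting an existing file is governed by the file's own mode, which is why the in-place save is the only step that succeeds.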

