[Samba] problems with Windows ACL
Sven Neukirchner
s.neukirchner at konabi.de
Tue Jan 22 09:58:10 GMT 2008
Hi,
I have set up samba with ACL Support.
I have set up Groups and users:
#net groupmap list
Domain Admins (S-1-5-21-3027381482-3940328739-3509331320-512) -> ntadmin
Domain Guests (S-1-5-21-3027381482-3940328739-3509331320-514) -> nobody
Domain Users (S-1-5-21-3027381482-3940328739-3509331320-513) -> users
#pdbedit -L -v sambasven
Unix username: sambasven
NT username:
Account Flags: [U ]
User SID: S-1-5-21-3027381482-3940328739-3509331320-3004
Primary Group SID: S-1-5-21-3027381482-3940328739-3509331320-513
Full Name:
Home Directory: \\asw-server\sambasven
HomeDir Drive: K:
Logon Script: logon.bat
Profile Path: \\asw-server\profiles\.msprofile
Domain: ASW.LOCAL
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Di, 19 Jan 2038 04:14:07 CET
Kickoff time: Di, 19 Jan 2038 04:14:07 CET
Password last set: Do, 03 Jan 2008 10:58:29 CET
Password can change: Do, 03 Jan 2008 10:58:29 CET
Password must change: Di, 19 Jan 2038 04:14:07 CET
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
# pdbedit -L -v nicos
Unix username: nicos
NT username:
Account Flags: [U ]
User SID: S-1-5-21-3027381482-3940328739-3509331320-3000
Primary Group SID: S-1-5-21-3027381482-3940328739-3509331320-513
Full Name: nicos,,,
Home Directory: \\asw-server\nicos
HomeDir Drive: K:
Logon Script: logon.bat
Profile Path: \\asw-server\profiles\.msprofile
Domain: ASTERISK
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Di, 19 Jan 2038 04:14:07 CET
Kickoff time: Di, 19 Jan 2038 04:14:07 CET
Password last set: Do, 03 Jan 2008 10:16:01 CET
Password can change: Do, 03 Jan 2008 10:16:01 CET
Password must change: Di, 19 Jan 2038 04:14:07 CET
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
asterisk:~#
I have set up a Samba share:
[daten]
comment = Dateiverzeichnis
path = /mnt/sdc1/daten
readonly=no
create mask = 0770
directory mask = 0770
Now user nicos is creating a file on the share.
The ACL looks as expected:
# file: mnt/sdc1/daten/nicos.txt
# owner: nicos
# group: users
user::rwx
group::rw-
other::---
Now I do not want user "sambasven" to delete the file, so I change the ACL
to:
# file: mnt/sdc1/daten/nicos.txt
# owner: nicos
# group: users
user::rwx
group::---
other::---
Now user "sambasven" can open the file but cannot save the file.
But the problem is he can delete the file.
Does anybody have an idea?
I am thankful for any help.
Sven
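
Added example, not part of the original post: on a POSIX filesystem the file's own ACL governs reading and writing its contents, while removing the file is decided by write and search permission on the containing directory (restricted further by the sticky bit), which this sketch models for the minimal ACLs shown above. Assumptions: the numeric UIDs and GID are constructed, the mode and owner of /mnt/sdc1/daten are assumed because the post does not show them, and extended ACL entries and any Samba-level checks are not modelled.

```python
import stat

# Constructed sample identities; the post does not give numeric IDs.
NICOS, SAMBASVEN, USERS_GID = 1000, 1004, 100

def class_bits(mode, owner, group, uid, gids):
    """Pick the rwx triplet (owner, group or other) that applies to uid."""
    if uid == owner:
        return (mode >> 6) & 0o7
    if group in gids:
        return (mode >> 3) & 0o7
    return mode & 0o7

def can_write(entry, uid, gids):
    """Opening a file for writing consults the file's own write bit."""
    mode, owner, group = entry
    return uid == 0 or bool(class_bits(mode, owner, group, uid, gids) & 0o2)

def can_delete(parent, entry, uid, gids):
    """unlink() consults the parent directory, never the file's rwx bits."""
    if uid == 0:
        return True
    d_mode, d_owner, d_group = parent
    if (class_bits(d_mode, d_owner, d_group, uid, gids) & 0o3) != 0o3:
        return False  # needs write (2) and search (1) on the directory
    if d_mode & stat.S_ISVTX:
        # Sticky bit: only the file's owner or the directory's owner may unlink.
        return uid in (entry[1], d_owner)
    return True

# nicos.txt after the ACL change in the post: user::rwx group::--- other::---
NICOS_TXT = (0o700, NICOS, USERS_GID)
# Assumed mode/owner of /mnt/sdc1/daten (not shown in the post): root:users 0770
SHARE_DIR = (0o770, 0, USERS_GID)
SHARE_DIR_STICKY = (0o1770, 0, USERS_GID)  # the same directory after chmod +t

if __name__ == "__main__":
    g = {USERS_GID}
    print("sambasven write :", can_write(NICOS_TXT, SAMBASVEN, g))
    print("sambasven delete:", can_delete(SHARE_DIR, NICOS_TXT, SAMBASVEN, g))
    print("with sticky bit :", can_delete(SHARE_DIR_STICKY, NICOS_TXT, SAMBASVEN, g))
    print("nicos, sticky   :", can_delete(SHARE_DIR_STICKY, NICOS_TXT, NICOS, g))
```

To see which case applies on the real server, compare the output of `getfacl /mnt/sdc1/daten` with the assumed directory entry above.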