[Samba] problems with Windows ACL

Sven Neukirchner s.neukirchner at konabi.de
Tue Jan 22 09:58:10 GMT 2008


Hi,

I have set up samba with ACL Support.
I have set up Groups and users:


#net groupmap list

Domain Admins (S-1-5-21-3027381482-3940328739-3509331320-512) -> ntadmin
Domain Guests (S-1-5-21-3027381482-3940328739-3509331320-514) -> nobody
Domain Users (S-1-5-21-3027381482-3940328739-3509331320-513) -> users


#pdbedit -L -v sambasven

Unix username:        sambasven
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-3027381482-3940328739-3509331320-3004
Primary Group SID:    S-1-5-21-3027381482-3940328739-3509331320-513
Full Name:
Home Directory:       \\asw-server\sambasven
HomeDir Drive:        K:
Logon Script:         logon.bat
Profile Path:         \\asw-server\profiles\.msprofile
Domain:               ASW.LOCAL
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Di, 19 Jan 2038 04:14:07 CET
Kickoff time:         Di, 19 Jan 2038 04:14:07 CET
Password last set:    Do, 03 Jan 2008 10:58:29 CET
Password can change:  Do, 03 Jan 2008 10:58:29 CET
Password must change: Di, 19 Jan 2038 04:14:07 CET
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF


# pdbedit -L -v nicos

Unix username:        nicos
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-3027381482-3940328739-3509331320-3000
Primary Group SID:    S-1-5-21-3027381482-3940328739-3509331320-513
Full Name:            nicos,,,
Home Directory:       \\asw-server\nicos
HomeDir Drive:        K:
Logon Script:         logon.bat
Profile Path:         \\asw-server\profiles\.msprofile
Domain:               ASTERISK
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Di, 19 Jan 2038 04:14:07 CET
Kickoff time:         Di, 19 Jan 2038 04:14:07 CET
Password last set:    Do, 03 Jan 2008 10:16:01 CET
Password can change:  Do, 03 Jan 2008 10:16:01 CET
Password must change: Di, 19 Jan 2038 04:14:07 CET
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
asterisk:~#



I have set up a Samba share:

[daten]
comment = Dateiverzeichnis
path = /mnt/sdc1/daten
readonly=no
create mask = 0770
directory mask = 0770





Now user nicos is creating a file on the share.
The ACL looks as expected:


# file: mnt/sdc1/daten/nicos.txt
# owner: nicos
# group: users
user::rwx
group::rw-
other::---


Now I do not want user "sambasven" to delete the file, so I change the acl
to:



# file: mnt/sdc1/daten/nicos.txt
# owner: nicos
# group: users
user::rwx
group::---
other::---



Now user "sambasven" can open the file but cannot save the file.
But the problem is he can delete the file.

Does anybody have an idea?

I am thankful for any help.


Sven
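
An added example, not part of the original post: on a POSIX filesystem, deleting a file is an operation on its parent directory, so the ACL on nicos.txt does not decide who may remove it. The sketch below models that rule and the sticky-bit restriction using mode bits only. Assumptions: Linux semantics, no extended ACL entries, a share directory that is group-writable (as "directory mask = 0770" would produce), and a constructed second user in the same group; the function names are hypothetical.

```python
import os
import stat
import tempfile

def class_bits(st, uid, gids):
    """rwx bits (0-7) that apply to uid/gids on this inode (mode bits only)."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def can_write(path, uid, gids):
    """Writing file content is checked against the file's own permissions."""
    return uid == 0 or bool(class_bits(os.stat(path), uid, gids) & 2)

def can_unlink(path, uid, gids):
    """unlink() needs write+search on the parent directory; the file's own
    permissions are not consulted. With the sticky bit on the directory,
    only the file owner, the directory owner or root may delete."""
    if uid == 0:
        return True
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    target = os.lstat(path)
    if class_bits(parent, uid, gids) & 3 != 3:
        return False
    if parent.st_mode & stat.S_ISVTX:
        return uid in (target.st_uid, parent.st_uid)
    return True

def demo():
    """Rebuild the layout from the post in a temp dir (constructed data)."""
    with tempfile.TemporaryDirectory() as root:
        share = os.path.join(root, "daten")
        os.mkdir(share)
        os.chmod(share, 0o770)              # group may add/remove entries
        path = os.path.join(share, "nicos.txt")
        open(path, "w").close()
        os.chmod(path, 0o700)               # user::rwx group::--- other::---
        owner = os.stat(path).st_uid
        other = owner + 1                   # constructed second group member
        gids = {os.stat(share).st_gid}
        before = (can_write(path, other, gids), can_unlink(path, other, gids))
        os.chmod(share, 0o1770)             # sticky bit on the directory
        sticky = can_unlink(path, other, gids)
        return before, sticky, can_unlink(path, owner, gids)

if __name__ == "__main__":
    print(demo())
```

The check reads permissions with stat() instead of attempting the delete, so it gives the same answer when run as root.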