[Samba] acl's, Samba4 and rw shares

Aaron E. ssureshot at gmail.com
Thu Feb 16 07:48:47 MST 2012


The permissions are slightly different for s4, as in you will be setting 
most of the folder permissions at the Windows level. You'll need to make 
sure that user_xattr and acl are enabled for the filesystem.

You can't really chmod per se; you'll need to access the security tab 
for the share and apply the permissions you need at that level...

You can view the permissions using the samba-tool for the share at the 
nix level like so

samba-tool ntacl folder/file

You'll see this gives a bunch of gibberish but you will see it working.. 
If you haven't assigned perms through Windows yet it will return stating 
no permissions or something to that effect..

You need to set the setfacl -m default:user:xxx folder for inheritance in 
Linux but Windows users will always use ntacls I believe



On 02/16/2012 06:37 AM, steve wrote:
> Hi
> I'm trying to make a share called dropbox rw for members of a group.
>
> /usr/local/samba/etc/smb.conf
> [global]
> server role = domain controller
> workgroup = CACTUS
> realm = hh3.site
> netbios name = HH3
> passdb backend = samba4
> template shell = /bin/bash
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
> read only = No
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
> [home]
> path = /home/CACTUS/%USERNAME%
> read only = No
> [profiles]
> path = /home/CACTUS/profiles%USERNAME%
> read only = No
> [dropbox]
> path = /home/dropbox
> read only = No
>
> I have
>
> mkdir -m 0770 /home/dropbox
> chown steve:debusers /home/dropbox
> chmod g+s /home/dropbox/
> setfacl -Rm g:debusers:rw,d:g:debusers:rw /home/dropbox/
>
> getfacl /home/dropbox/
> getfacl: Removing leading '/' from absolute path names
> # file: home/dropbox/
> # owner: steve
> # group: debusers
> # flags: -s-
> user::rwx
> group::rwx
> group:debusers:rw-
> mask::rwx
> other::---
> default:user::rwx
> default:group::rwx
> default:group:debusers:rw-
> default:mask::rwx
> default:other::---
>
> If I create a file in the share using touch (or right click on the share > new
> in explorer), no problem:
>
> steve2@hh3:~$ touch /home/dropbox/hola
> steve2@hh3:~$ ls -l /home/dropbox/hola
> -rw-rw----+ 1 steve2 debusers 0 2012-02-16 12:11 /home/dropbox/hola
>
> But, if I create the file in my home folder (or the mapped home folder
> drive on Windows) and then copy or drag it to the share, I don't get
> group rw:
> steve2@hh3:~$ touch hola2
> steve2@hh3:~$ cp hola2 /home/dropbox/
> steve2@hh3:~$ ls -la /home/dropbox/hola2
> -rw-r-----+ 1 steve2 debusers 0 2012-02-16 12:12 /home/dropbox/hola2
>
> None of the smb.conf force group nor acl commands are recognised. I
> could cron the setfacl as a workaround or get the users to chmod it to
> 660 but, well. . .
>
> 1. Is it possible to copy a file to a folder and have it inherit the
> parent folder permissions?
> 2. How do you chmod 660 on windows?
>
> Thanks,
> Steve
>
>
>
>
>
>
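Added example, not part of either message: a small model of how Linux builds a new file's ACL from the parent directory's default ACL (POSIX.1e draft semantics as described in acl(5)), applied to the getfacl output quoted above. It covers the local touch/cp case only; the source file mode of 0644 for hola2 is an assumption, since the post does not show it.

```python
# Added illustration: how Linux derives a new file's ACL from the parent
# directory's default ACL (POSIX.1e draft semantics, see acl(5)).

PERM_BITS = {"r": 4, "w": 2, "x": 1}

def to_bits(s):
    return sum(PERM_BITS[c] for c in s if c != "-")

def to_str(b):
    return "".join(c if b & v else "-" for c, v in PERM_BITS.items())

# Default ACL of /home/dropbox, copied from the getfacl output in the post.
DROPBOX_DEFAULT = {
    "user::": "rwx",
    "group::": "rwx",
    "group:debusers:": "rw-",
    "mask::": "rwx",
    "other::": "---",
}

def inherit(default_acl, create_mode):
    """ACL of a file created with open(..., create_mode) in that directory.

    With a default ACL present the umask is not applied; instead the
    owner, mask and other entries are ANDed with the requested mode bits.
    """
    acl = {k: to_bits(v) for k, v in default_acl.items()}
    acl["user::"] &= (create_mode >> 6) & 7
    acl["mask::"] &= (create_mode >> 3) & 7   # group bits limit the mask
    acl["other::"] &= create_mode & 7
    return acl

def ls_mode(acl):
    """Mode string as ls shows it: the middle triplet is the mask."""
    keys = ("user::", "mask::", "other::")
    return "-" + "".join(to_str(acl[k]) for k in keys) + "+"

def effective(acl, entry):
    """Rights a named user/group entry really grants (entry AND mask)."""
    return to_str(acl[entry] & acl["mask::"])

if __name__ == "__main__":
    # touch asks for 0666; cp asks for the source file's mode (0644 assumed).
    for label, mode in (("touch hola", 0o666), ("cp hola2", 0o644)):
        acl = inherit(DROPBOX_DEFAULT, mode)
        print(label, ls_mode(acl), "debusers:", effective(acl, "group:debusers:"))
```

The group:debusers:rw- entry is inherited in both cases; what differs is the mask, which the creating program's requested group bits cap at r-- for the copied file.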


