[Samba] acl's, Samba4 and rw shares

steve steve at steve-ss.com
Thu Feb 16 10:31:52 MST 2012


On 02/16/2012 03:48 PM, Aaron E. wrote:
> The permissions are slightly different for s4, as in you will be
> setting most of the folder permissions at the windows level. You'll need
> to make sure that user_xattr and acl are enabled for the filesystem.
>
That seems OK:
mount | grep xattr
/dev/sda1 on / type ext4 (rw,errors=remount-ro,user_xattr,commit=0)
> You can't really chmod per se, you'll need to access the security tab
> for the share and apply permissions you need at that level...
>

> you can view the permissions using the samba-tool for the share at the 
> nix level like so
>
> samba-tool ntacl folder/file
>
> you'll see this gives a bunch of gibberish but you will see it
> working.. If you haven't assigned perms through windows yet it will
> return stating no permissions or something to that effect..
>
I tried this:
-rw-r----- 1 steve2 debusers 0 2012-02-16 14:47 /home/dropbox/s2
samba-tool ntacl get /home/dropbox/s2
ERROR(<type 'exceptions.TypeError'>): uncaught exception - (61, 'No data available')
   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 162, in _run
     return self.run(*args, **kwargs)
   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py", line 106, in run
     acl = getntacl(lp, file, xattr_backend, eadb_file)
   File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py", line 62, in getntacl
     xattr.XATTR_NTACL_NAME)

samba-tool ntacl set /home/dropbox/s2
Usage: samba-tool ntacl set <acl> <file> [options]

But I can't find that documented anywhere. Would I need to look in the
source to get a list of options? Basically I'm trying not to have to tie
up a windows box to do this stuff.

> You need to set the setfacl -m default:user:xxx folder for inheritance
> in linux but windows users will always use ntacls I believe
>
I've done a few ldbsearch's in /usr/local/samba/private but I can't find 
anything to do with the dropbox share I have defined.

Any ideas?
Thanks
>
>
> On 02/16/2012 06:37 AM, steve wrote:
>> Hi
>> I'm trying to make a share called dropbox rw for members of a group.
>>
>> /usr/local/samba/etc/smb.conf
>> [global]
>> server role = domain controller
>> workgroup = CACTUS
>> realm = hh3.site
>> netbios name = HH3
>> passdb backend = samba4
>> template shell = /bin/bash
>> [netlogon]
>> path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
>> read only = No
>> [sysvol]
>> path = /usr/local/samba/var/locks/sysvol
>> read only = No
>> [home]
>> path = /home/CACTUS/%USERNAME%
>> read only = No
>> [profiles]
>> path = /home/CACTUS/profiles%USERNAME%
>> read only = No
>> [dropbox]
>> path = /home/dropbox
>> read only = No
>>
>> I have
>>
>> mkdir -m 0770 /home/dropbox
>> chown steve:debusers /home/dropbox
>> chmod g+s /home/dropbox/
>> setfacl -Rm g:debusers:rw,d:g:debusers:rw /home/dropbox/
>>
>> getfacl /home/dropbox/
>> getfacl: Removing leading '/' from absolute path names
>> # file: home/dropbox/
>> # owner: steve
>> # group: debusers
>> # flags: -s-
>> user::rwx
>> group::rwx
>> group:debusers:rw-
>> mask::rwx
>> other::---
>> default:user::rwx
>> default:group::rwx
>> default:group:debusers:rw-
>> default:mask::rwx
>> default:other::---
>>
>> If I create a file in the share using touch (or right click on the share > new in explorer), no problem:
>>
>> steve2@hh3:~$ touch /home/dropbox/hola
>> steve2@hh3:~$ ls -l /home/dropbox/hola
>> -rw-rw----+ 1 steve2 debusers 0 2012-02-16 12:11 /home/dropbox/hola
>>
>> But, if I create the file in my home folder (or the mapped home folder
>> drive on Windows) and then copy or drag it to the share, I don't get
>> group rw:
>> steve2@hh3:~$ touch hola2
>> steve2@hh3:~$ cp hola2 /home/dropbox/
>> steve2@hh3:~$ ls -la /home/dropbox/hola2
>> -rw-r-----+ 1 steve2 debusers 0 2012-02-16 12:12 /home/dropbox/hola2
>>
>> None of the smb.conf force group nor acl commands are recognised. I
>> could cron the setfacl as a workaround or get the users to chmod it to
>> 660 but, well. . .
>>
>> 1. Is it possible to copy a file to a folder and have it inherit the
>> parent folder permissions?
>> 2. How do you chmod 660 on windows?
>>
>> Thanks,
>> Steve
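
Added example, not part of the original message and not Samba code: a small Python model of the acl(5) rule for files created under a default ACL, applied to the default entries from the getfacl output quoted above. It shows why a file created with mode 0666 keeps group rw while one created with mode 0640 ends up with mask r--. The create modes are assumptions (touch opens with 0666; cp opens the destination with the source file's mode, assumed here to be 0640), and all function names are illustrative.

```python
import re

# Default ACL of /home/dropbox, copied from the getfacl output in the post.
GETFACL_DEFAULTS = """\
default:user::rwx
default:group::rwx
default:group:debusers:rw-
default:mask::rwx
default:other::---
"""

def bits(perm):  # 'rw-' -> 6
    return sum(v for c, v in zip(perm, (4, 2, 1)) if c != "-")

def text(n):  # 6 -> 'rw-'
    return "".join(c if n & v else "-" for c, v in zip("rwx", (4, 2, 1)))

def parse_defaults(getfacl_text):
    """Return {(tag, qualifier): perm_bits} for the default: entries."""
    acl = {}
    for line in getfacl_text.splitlines():
        m = re.match(r"default:(user|group|mask|other):([^:]*):([r-][w-][x-])$", line.strip())
        if m:
            acl[(m.group(1), m.group(2))] = bits(m.group(3))
    return acl

def inherit(default_acl, create_mode):
    # New file gets the default entries; owner, mask and other are clipped to the open(2) mode.
    acl = dict(default_acl)
    acl[("user", "")] &= (create_mode >> 6) & 7
    clip = ("mask", "") if ("mask", "") in acl else ("group", "")
    acl[clip] &= (create_mode >> 3) & 7
    acl[("other", "")] &= create_mode & 7
    return acl

def effective(acl, tag, qualifier):
    # Everything except the owner and "other" is limited by the mask.
    masked = (tag, qualifier) != ("user", "") and tag != "other"
    return text(acl[(tag, qualifier)] & (acl.get(("mask", ""), 7) if masked else 7))

def ls_mode(acl):
    # Mode string as ls prints it: with an ACL present, the group column shows the mask.
    grp = acl.get(("mask", ""), acl[("group", "")])
    return "-" + text(acl[("user", "")]) + text(grp) + text(acl[("other", "")]) + "+"

if __name__ == "__main__":
    for mode in (0o666, 0o640):  # touch; cp of a source file assumed to be 0640
        a = inherit(parse_defaults(GETFACL_DEFAULTS), mode)
        print(oct(mode), ls_mode(a), "debusers:", effective(a, "group", "debusers"))
```

The two mode strings it prints match the ls output for hola and hola2 in the quoted message; the group:debusers:rw- entry is still present on hola2, but the r-- mask limits its effective rights.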