[Samba] acl's, Samba4 and rw shares

Aaron E. ssureshot at gmail.com
Thu Feb 16 11:06:13 MST 2012


If you apply ntacl to the share in Windows you will not get this error:
"ERROR(<type 'exceptions.TypeError'>): uncaught exception - (61, 'No data available')"
That is simply saying there are no extra ntacl settings applied to the 
share. If there were, you would see them.

Unfortunately I cannot help with applying settings from the command 
line; I was also trying to accomplish this to no avail. I would suggest 
setting share permissions through Windows and then looking at them via 
command line; they are like nothing you're going to want to work with.

I posed this question in samba-technical IRC and was advised that 
samba-tool ntacl was more for scripting than actual management at this 
point in time.


I believe you'll get better results with tying up a Windows box.

On 02/16/2012 12:31 PM, steve wrote:
> On 02/16/2012 03:48 PM, Aaron E. wrote:
>> The permissions are slightly different for s4, as in you will be
>> setting most of the folder permissions at the Windows level. You'll need
>> to make sure that user_xattr and acl is enabled for the filesystem.
>>
> That seems OK:
> mount | grep xattr
> /dev/sda1 on / type ext4 (rw,errors=remount-ro,user_xattr,commit=0)
>> You can't really chmod per se, you'll need to access the security tab
>> for the share and apply permissions you need at that level...
>>
>
>> you can view the permissions using the samba-tool for the share at the
>> nix level like so
>>
>> samba-tool ntacl folder/file
>>
>> you'll see this gives a bunch of gibberish but you will see it
>> working. If you haven't assigned perms through Windows yet it will
>> return stating no permissions or something to that effect.
>>
> I tried this:
> -rw-r----- 1 steve2 debusers 0 2012-02-16 14:47 /home/dropbox/s2
> samba-tool ntacl get /home/dropbox/s2
> ERROR(<type 'exceptions.TypeError'>): uncaught exception - (61, 'No data available')
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 162, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ntacl.py", line 106, in run
>     acl = getntacl(lp, file, xattr_backend, eadb_file)
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py", line 62, in getntacl
>     xattr.XATTR_NTACL_NAME)
>
> samba-tool ntacl set /home/dropbox/s2
> Usage: samba-tool ntacl set <acl> <file> [options]
>
> But I can't find that documented anywhere. Would I need to look in the
> source to get a list of options? Basically I'm trying not to have to tie
> up a Windows box to do this stuff.
>
>> You need to set the setfacl -m default:user:xxx folder for inheritance
>> in Linux but Windows users will always use ntacls I believe
>>
> I've done a few ldbsearch's in /usr/local/samba/private but I can't find
> anything to do with the dropbox share I have defined.
>
> Any ideas?
> Thanks
>>
>>
>> On 02/16/2012 06:37 AM, steve wrote:
>>> Hi
>>> I'm trying to make a share called dropbox rw for members of a group.
>>>
>>> /usr/local/samba/etc/smb.conf
>>> [global]
>>> server role = domain controller
>>> workgroup = CACTUS
>>> realm = hh3.site
>>> netbios name = HH3
>>> passdb backend = samba4
>>> template shell = /bin/bash
>>> [netlogon]
>>> path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
>>> read only = No
>>> [sysvol]
>>> path = /usr/local/samba/var/locks/sysvol
>>> read only = No
>>> [home]
>>> path = /home/CACTUS/%USERNAME%
>>> read only = No
>>> [profiles]
>>> path = /home/CACTUS/profiles%USERNAME%
>>> read only = No
>>> [dropbox]
>>> path = /home/dropbox
>>> read only = No
>>>
>>> I have
>>>
>>> mkdir -m 0770 /home/dropbox
>>> chown steve:debusers /home/dropbox
>>> chmod g+s /home/dropbox/
>>> setfacl -Rm g:debusers:rw,d:g:debusers:rw /home/dropbox/
>>>
>>> getfacl /home/dropbox/
>>> getfacl: Removing leading '/' from absolute path names
>>> # file: home/dropbox/
>>> # owner: steve
>>> # group: debusers
>>> # flags: -s-
>>> user::rwx
>>> group::rwx
>>> group:debusers:rw-
>>> mask::rwx
>>> other::---
>>> default:user::rwx
>>> default:group::rwx
>>> default:group:debusers:rw-
>>> default:mask::rwx
>>> default:other::---
>>>
>>> If I create a file in the share using touch (or right click on the share > new in explorer), no problem:
>>>
>>> steve2@hh3:~$ touch /home/dropbox/hola
>>> steve2@hh3:~$ ls -l /home/dropbox/hola
>>> -rw-rw----+ 1 steve2 debusers 0 2012-02-16 12:11 /home/dropbox/hola
>>>
>>> But, if I create the file in my home folder (or the mapped home folder
>>> drive on Windows) and then copy or drag it to the share, I don't get
>>> group rw:
>>> steve2@hh3:~$ touch hola2
>>> steve2@hh3:~$ cp hola2 /home/dropbox/
>>> steve2@hh3:~$ ls -la /home/dropbox/hola2
>>> -rw-r-----+ 1 steve2 debusers 0 2012-02-16 12:12 /home/dropbox/hola2
>>>
>>> None of the smb.conf force group nor acl commands are recognised. I
>>> could cron the setfacl as a workaround or get the users to chmod it to
>>> 660 but, well. . .
>>>
>>> 1. Is it possible to copy a file to a folder and have it inherit the
>>> parent folder permissions?
>>> 2. How do you chmod 660 on windows?
>>>
>>> Thanks,
>>> Steve
>>>
>>
>
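
An added illustration, not part of the original thread: a small Python model of how Linux combines a directory's default ACL with the mode the creating program passes (see acl(5)), fed with the default ACL from the getfacl output quoted above. It reproduces the two `ls` results in the original post. The 0640 source mode of the copied file is an assumption, and all function names are illustrative.

```python
# Default ACL entries copied from the getfacl output quoted in the thread.
PAGE_DEFAULT_ACL = """\
default:user::rwx
default:group::rwx
default:group:debusers:rw-
default:mask::rwx
default:other::---
"""

def bits(s):   # "rw-" -> 6
    return sum(1 << (2 - i) for i, c in enumerate(s) if c != "-")

def text(b):   # 6 -> "rw-"
    return "".join(c if b & (1 << (2 - i)) else "-" for i, c in enumerate("rwx"))

def parse_default_acl(getfacl_output):
    """Return {(tag, qualifier): bits} for the default: entries."""
    acl = {}
    for line in getfacl_output.splitlines():
        line = line.strip()
        if line.startswith("default:"):
            tag, qualifier, perms = line[len("default:"):].split(":")
            acl[(tag, qualifier)] = bits(perms)
    return acl

def inherit(default_acl, create_mode):
    """Access ACL of a new file: default ACL capped by the creating mode.
    umask is not consulted when the parent has a default ACL.
    Assumes a mask entry exists (it always does with named entries)."""
    acl = dict(default_acl)
    acl[("user", "")] &= (create_mode >> 6) & 7
    acl[("mask", "")] &= (create_mode >> 3) & 7   # mode's group bits cap the mask
    acl[("other", "")] &= create_mode & 7
    return acl

def effective(acl):
    """Named users and every group entry are limited by the mask."""
    mask = acl[("mask", "")]
    return {k: text(b & mask if k[0] == "group" or (k[0] == "user" and k[1]) else b)
            for k, b in acl.items() if k[0] != "mask"}

def ls_mode(acl):
    """Permission string as ls shows it: the group column displays the mask."""
    return text(acl[("user", "")]) + text(acl[("mask", "")]) + text(acl[("other", "")])

if __name__ == "__main__":
    d = parse_default_acl(PAGE_DEFAULT_ACL)
    # touch creates with 0666; cp reuses the source file's mode (assumed 0640 here)
    for label, mode in (("touch", 0o666), ("cp of 0640 file", 0o640)):
        acl = inherit(d, mode)
        print(label, ls_mode(acl), "debusers effective:", effective(acl)[("group", "debusers")])
```

The copied file still carries the `group:debusers:rw-` entry; only its mask is narrowed to `r--`, which is why `ls` shows `-rw-r-----+`.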