[Samba] Change permissions as administrator
Andrés Domínguez
andresdju at gmail.com
Mon Apr 28 08:34:55 MDT 2014
2014-04-28 13:14 GMT+02:00 steve <steve at steve-ss.com>:
>
> > It seems that this works. I thought that 'SeDiskOperatorPrivilege' was
> > enough to change permissions. What 'SeDiskOperatorPrivilege' means
> > then?
> You only need it if you're pointing and clicking from a windows machine.
> We think.
>
The goal was to be able to change permissions from Windows; I can set
permissions with setfacl.
> Or simply use setfacl to give Administrator rw on the share(s)
> > >
> >
> > Administrator had rwx and was owner of the share's root directory.
> >
> Can you post:
> smb.conf
> getfacl /path/to/that/share
> and
> /etc/fstab
Configuration:
Debian amd64 kernel 3.12.
Samba 4.1.6-Debian (from distro)
/etc/samba/smb.conf:
[global]
workgroup = MYDOMAIN
security = ADS
realm = MYDOMAIN.COM
idmap config *:backend = tdb
idmap config *:range = 1000000-1999999
idmap config MYDOMAIN:backend = rid
idmap config MYDOMAIN:range = 10000-49999
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = yes
winbind refresh tickets = yes
winbind separator = +
template homedir = /home/%D/%U
template shell = /bin/bash
vfs objects = btrfs
map acl inherit = Yes
store dos attributes = Yes
[Demo]
path = /var/samba/Demo
read only = no
admin users = administrador -> New addition (WORKS)
# ls -lh /var/samba/Demo
drwxrwxr-x+ 1 administrador root 722 Apr 10 12:42 Demo
# getfacl Demo
# file: Demo/
# owner: administrador
# group: root
user::rwx
user:multimedia:rwx
group::rwx
group:root:rwx
group:administrador:rwx
group:multimedia:rwx
mask::rwx
other::r-x
default:user::rwx
default:user:administrador:rwx
default:user:multimedia:rwx
default:group::---
default:group:root:rwx
default:group:administrador:rwx
default:group:multimedia:rwx
default:mask::rwx
default:other::---
/etc/fstab:
UUID=5b42dc79-7121-4ac2-bb20-c0a6ba8783f2 /var/samba btrfs defaults 0 0
/etc/nsswitch.conf:
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
# net rpc rights list accounts -Uadministrador
MYDOMAIN\Admins. del dominio
SeDiskOperatorPrivilege
BUILTIN\Administrators
SeDiskOperatorPrivilege
...
Everyone
No privileges assigned
MYDOMAIN\administrador
SeDiskOperatorPrivilege
>
> > Although I don't fully understand what's going on it's now working. Thank
> > you very much.
> >
> Well done.
>
> Another way you may want to consider is to map Administrator to say,
> root on the file server.
>
I tried usernamemap:
!root = MYDOMAIN\Administrador
and smbusers:
# Unix_name = SMB_Name1 SMB_Name2 ...
root = administrador Administrador
nobody = guest smbguest pcguest
without success.
This is my first Samba configuration; it's probably badly configured.
Andrés
>
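
Added example, not part of the original message or of Samba: smb.conf(5) describes `admin users` as a list of users who do all file operations on the share as root, so the line that made this work is worth tracking. The audit below lists which shares carry it; the sample config is constructed from the smb.conf in the post, and the [Public] share and all function names are hypothetical.

```python
import re

# Constructed sample: trimmed from the smb.conf in the post, plus a
# hypothetical [Public] share for contrast.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = MYDOMAIN
[Demo]
    path = /var/samba/Demo
    read only = no
    admin users = administrador
[Public]
    path = /var/samba/Public
"""

def parse_smb_conf(text):
    """Return {section: {normalized_param: value}}; section names lowercased."""
    sections, current = {}, None
    # Join backslash-continued lines, then skip blanks and #/; comments.
    for raw in re.sub(r"\\\n", "", text).splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            # Parameter names ignore case and embedded whitespace.
            current[re.sub(r"\s+", "", name).lower()] = value.strip()
    return sections

def shares_with_admin_users(text):
    """Map each share to the accounts whose file operations run as root."""
    conf = parse_smb_conf(text)
    # A share-level parameter set in [global] is the default for every share.
    default = conf.get("global", {}).get("adminusers", "")
    report = {}
    for share, params in conf.items():
        value = params.get("adminusers", default)
        users = [u.strip('"') for u in re.findall(r'"[^"]*"|[^\s,]+', value)]
        if share != "global" and users:
            report[share] = users
    return report

if __name__ == "__main__":
    for share, users in shares_with_admin_users(SAMPLE_SMB_CONF).items():
        print(f"[{share}] admin users (file operations as root): {users}")
```

For the real file, feeding it the output of `testparm -s` instead of the raw smb.conf also picks up included files and normalized parameter names.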