[Samba] Change permissions as administrator

Andrés Domínguez andresdju at gmail.com
Mon Apr 28 08:34:55 MDT 2014


2014-04-28 13:14 GMT+02:00 steve <steve at steve-ss.com>:
>
> > It seems that this works. I thought that 'SeDiskOperatorPrivilege' was
> > enough to change permissions. What does 'SeDiskOperatorPrivilege' mean
> > then?
> You only need it if you're pointing and clicking from a Windows machine.
> We think.
>

The goal was to be able to change permissions from Windows; I can set
permissions with setfacl.

> Or simply use setfacl to give Administrator rw on the share(s)
> > >
> >
> > Administrator had rwx and was owner of the share's root directory.
> >
> Can you post:
> smb.conf
> getfacl /path/to/that/share
> and
> /etc/fstab

Configuration:

Debian amd64 kernel 3.12.
Samba 4.1.6-Debian (from distro)

/etc/samba/smb.conf:

[global]

   workgroup = MYDOMAIN
   security = ADS
   realm = MYDOMAIN.COM

   idmap config *:backend = tdb
   idmap config *:range = 1000000-1999999
   idmap config MYDOMAIN:backend = rid
   idmap config MYDOMAIN:range = 10000-49999

   winbind nss info = rfc2307
   winbind enum users = yes
   winbind enum groups = yes
   winbind use default domain = yes
   winbind nested groups = yes
   winbind refresh tickets = yes
   winbind separator = +
   template homedir = /home/%D/%U
   template shell = /bin/bash

   vfs objects = btrfs
   map acl inherit = Yes
   store dos attributes = Yes

[Demo]
   path = /var/samba/Demo
   read only = no
   # New addition (WORKS):
   admin users = administrador

# ls -lh /var/samba/Demo

drwxrwxr-x+ 1 administrador root  722 Apr 10 12:42 Demo

# getfacl Demo

# file: Demo/
# owner: administrador
# group: root
user::rwx
user:multimedia:rwx
group::rwx
group:root:rwx
group:administrador:rwx
group:multimedia:rwx
mask::rwx
other::r-x
default:user::rwx
default:user:administrador:rwx
default:user:multimedia:rwx
default:group::---
default:group:root:rwx
default:group:administrador:rwx
default:group:multimedia:rwx
default:mask::rwx
default:other::---

/etc/fstab:

UUID=5b42dc79-7121-4ac2-bb20-c0a6ba8783f2 /var/samba btrfs defaults 0 0

/etc/nsswitch.conf:


passwd:         compat winbind
group:          compat winbind
shadow:         compat

hosts:          files mdns4_minimal [NOTFOUND=return] dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis


# net rpc rights list accounts -Uadministrador

MYDOMAIN\Admins. del dominio
SeDiskOperatorPrivilege

BUILTIN\Administrators
SeDiskOperatorPrivilege
...

Everyone
No privileges assigned

MYDOMAIN\administrador
SeDiskOperatorPrivilege

>
> > Although I don't fully understand what's going on it's now working. Thank
> > you very much.
> >
> Well done.
>
> Another way you may want to consider is to map Administrator to say,
> root on the file server.
>

I tried usernamemap:
!root = MYDOMAIN\Administrador

and smbusers:
# Unix_name = SMB_Name1 SMB_Name2 ...
root = administrador Administrador
nobody = guest smbguest pcguest

without success.

This is my first Samba configuration; it's probably badly configured.

Andrés
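
Added example, not part of the original message or of Samba itself: the smb.conf manual documents that accounts listed in "admin users" perform all file operations on that share as root, bypassing the POSIX ACLs shown above, so a reviewer may want a list of which shares carry the setting. The sample configuration is constructed from the one in this message plus a hypothetical [Media] share; the function names are this example's own.

```python
# Added example: list the shares on which "admin users" makes accounts root-equivalent.
# SAMPLE_SMB_CONF is constructed (the [Media] share is hypothetical).
SAMPLE_SMB_CONF = """\
[global]
   workgroup = MYDOMAIN
   security = ADS

[Demo]
   path = /var/samba/Demo
   read only = no
   admin users = administrador

[Media]
   path = /var/samba/Media
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}. Names are normalised the way Samba
    compares them: case-insensitive, with whitespace ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # comments must start the line
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.split()).lower()] = value.strip()
    return sections

def root_equivalent_accounts(text):
    """Map each share to the accounts in its effective 'admin users' list.
    Simplification: quoted names containing spaces are not handled."""
    conf = parse_smb_conf(text)
    inherited = conf.get("global", {}).get("adminusers", "")  # [global] sets the default
    findings = {}
    for name, params in conf.items():
        if name == "global":
            continue
        accounts = params.get("adminusers", inherited).replace(",", " ").split()
        if accounts:
            findings[name] = {"path": params.get("path"), "accounts": accounts}
    return findings

if __name__ == "__main__":
    for share, info in root_equivalent_accounts(SAMPLE_SMB_CONF).items():
        print(f"[{share}] {info['path']}: root-equivalent: {', '.join(info['accounts'])}")
```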
