[Samba] setfacl: Option -m: Invalid argument near character 3

Fri Dec 19 06:22:56 MST 2014

Matt,

Thanks for the reply.  I'm not trying to add the "users" group.  I'm
trying to add the "Domain Users" group.  That is the reason for the \ in
front of the space.  It's translated as a literal.  I think I could also
put quotes around it and not have to use the \ and the space.  

The problem is getent group only is listing local unix groups.  I think
that is why setfacl is not able to add active directory groups to the
acl.

Rich. 

-----Original Message-----
From: Mattias Zhabinskiy [mailto:mattiasz at thinklogical.com] 
Sent: Friday, December 19, 2014 12:15 AM
To: Rich Webb
Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character
3

Hello Rich,

First of all remove space in front of the group name "users":

setfacl -R -m g:MYDOM\\domain\users:rwx ./shared

For example, following command works for me:

[root at vmtest007 tmp]# ls -ld test4
drwxrwsr-x. 2 root g-sales       4096 Dec 19 00:10 test4

[root at vmtest007 tmp]# setfacl -Rm g:MYDOMAIN\\g-admin:rwx test4

[root at vmtest007 tmp]# getfacl test4
# file: test4
# owner: root
# group: g-sales
# flags: -s-
user::rwx
group::rwx
group:g-admin:rwx
mask::rwx
other::r-x

[root at vmtest007 tmp]# ls -ld test4
drwxrwsr-x+ 2 root g-sales 4096 Dec 19 00:10 test4

where MYDOMAIN is windows domain name and g-admin is a group name in
MYDOMAIN.
Make sure that group "users" exists by running "getent group users"
command, for e.g. in my case:
[root at vmtest007 tmp]# getent group g-admin
g-admin:x:91608:alex,bill,joe,kevin

Regards,
Matt

________________________________________
From: samba-bounces at lists.samba.org <samba-bounces at lists.samba.org> on
behalf of Rich Webb <rwebb at zylatech.com>
Sent: Thursday, December 18, 2014 8:33 PM
To: samba at lists.samba.org
Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character
3

Please is there anyone who has an answer on why this might be happening?
Do I need some sort of sssd support or winbind or something?  In the
wiki about setting up acl's it doesn't say anything about any other
requirements, only that you have to have acl support and xattr support
in your filesystem which I do.

I'm trying to deploy this server and I need a working solution tomorrow
- kind of in a bind.. I hope someone can help.

Thanks,
Rich

-----Original Message-----
From: samba-bounces at lists.samba.org
[mailto:samba-bounces at lists.samba.org] On Behalf Of Rich Webb
Sent: Thursday, December 18, 2014 6:29 PM
To: samba at lists.samba.org
Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character
3

I just tried that and I got the same error.  I think there is some
extended acl support that I'm missing somewhere.

It's like the setfacl command is not recognizing the AD groups as valid
groups.

I should also add the following information:

This server is built up on CentOS 6.6 Minimal using the Sernet-Samba
Enterprise packages.

It looks like the binary that is running is /usr/sbin/samba and that is
started with /etc/rc.d/init.d/sernet-samba-ad start

Rich

-----Original Message-----
From: samba-bounces at lists.samba.org
[mailto:samba-bounces at lists.samba.org] On Behalf Of Miguel Medalha
Sent: Thursday, December 18, 2014 4:42 PM
To: Rich Webb; samba at lists.samba.org
Subject: Re: [Samba] setfacl: Option -m: Invalid argument near character
3

> I tried setting the permissions from the command line using:
>
> setfacl -R -m g:MYDOM\\domain\ users:rwx ./shared
>
> and it gives me:
>
> setfacl: Option -m: Invalid argument near character 3
>

You should enter:

setfacl -Rm g:MYDOM\\domain\ users:rwx ./shared

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba